[j-nsp] class permission problem

From: Stefano Bosio (sbosio@inwind.it)
Date: Mon Jun 18 2001 - 10:58:32 EDT


Hi,

from documentation

-----------------
permissions
Syntax
permissions [ permissions ];
Hierarchy Level
[edit system login class]
Description
Configure the login access privileges to be provided on the router.
Options
permissions--Privilege type.
Usage Guidelines
See Configure Access Privilege Levels
Required Privilege Level
admin--To view this statement in the configuration.
admin-control--To add this statement to the configuration.

--------------

i set this config

system {
    }
    login {
        class labuser {
            idle-timeout 30;
            permissions [ clear configure control field floppy interface
interface-control network reset routing routing-control shell snmp
snmp-control system system-control trace trace-control view maintenance
firewall firewall-control secret secret-control rollback ];
        }
        user juniper {
            uid 2002;
            class labuser;
            authentication {
                encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0"; #
SECRET-DATA
            }
        }
        user lab {
            uid 2000;
            class operator;
            authentication {
                encrypted-password "$1$nLUQb$nefOd7kaG1J9V14CABf8h/"; #
SECRET-DATA
            }

i don't set admin and admin-control to class labuser permission but from
user juniper i can change the user config and commit them:

juniper@M20-LAB> edit
Entering configuration mode

[edit]
juniper@M20-LAB# set system login user juniper class super-user

[edit]
juniper@M20-LAB# commit and-quit
commit complete
Exiting configuration mode

juniper@M20-LAB> exit

M20-LAB (ttyd0)

login: juniper
Password:
Last login: Mon Jun 18 14:50:49 on ttyd0

--- JUNOS 4.4R2.3 built 2001-05-30 00:57:00 UTC

juniper@M20-LAB> show configuration
version 4.4R2.3;
system {
    }
    login {
        class labuser {
            idle-timeout 30;
            permissions [ clear configure control field floppy interface
interface-control network reset routing routing-control shell snmp
snmp-control system system-control trace trace-control view maintenance
firewall firewall-control secret secret-control rollback ];
        }
        user juniper {
            uid 2002;
            class super-user;
            authentication {
                encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0"; #
SECRET-DATA
            }
        }

-----------------------------

some idea.

stefano



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT