Re: [j-nsp] class permission problem

From: Stephen Gill (gillsr@yahoo.com)
Date: Mon Jun 18 2001 - 11:18:40 EDT


It doesn't appear as if you're using the class you've defined (labuser)
for user Juniper. Also keep in mind that you can't modify the built-in
classes. To create a superuser account with idle-timeouts, you could do
the following for class administrator & user admin:

[system login]
/* Cannot modify the predefined classes, so we must create our own. */
class administrator {
    /* Session will time out after 15 minutes of inactivity */
    idle-timeout 15;
    permissions all;
}
/* This is our superuser account */
user admin {
    full-name Administrator;
    uid 2000;
    class administrator;
    authentication {
        encrypted-password "<PASSWORD>"; # SECRET-DATA
    }
}

-- steve

--- Stefano Bosio <sbosio@inwind.it> wrote:
> Hi,
>
> from documentation
>
> -----------------
> permissions
> Syntax
> permissions [ permissions ];
> Hierarchy Level
> [edit system login class]
> Description
> Configure the login access privileges to be provided on the router.
> Options
> permissions--Privilege type.
> Usage Guidelines
> See Configure Access Privilege Levels
> Required Privilege Level
> admin--To view this statement in the configuration.
> admin-control--To add this statement to the configuration.
>
>
> --------------
>
> I set this config
>
> system {
> }
> login {
> class labuser {
> idle-timeout 30;
> permissions [ clear configure control field floppy interface
> interface-control network reset routing routing-control shell snmp
> snmp-control system system-control trace trace-control view maintenance
> firewall firewall-control secret secret-control rollback ];
> }
> user juniper {
> uid 2002;
> class labuser;
> authentication {
> encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0"; # SECRET-DATA
> }
> }
> user lab {
> uid 2000;
> class operator;
> authentication {
> encrypted-password "$1$nLUQb$nefOd7kaG1J9V14CABf8h/"; # SECRET-DATA
> }
>
>
> I don't set admin and admin-control to class labuser permission but
> from user juniper I can change the user config and commit them:
>
> juniper@M20-LAB> edit
> Entering configuration mode
>
> [edit]
> juniper@M20-LAB# set system login user juniper class super-user
>
> [edit]
> juniper@M20-LAB# commit and-quit
> commit complete
> Exiting configuration mode
>
> juniper@M20-LAB> exit
>
>
> M20-LAB (ttyd0)
>
> login: juniper
> Password:
> Last login: Mon Jun 18 14:50:49 on ttyd0
>
> --- JUNOS 4.4R2.3 built 2001-05-30 00:57:00 UTC
>
> juniper@M20-LAB> show configuration
> version 4.4R2.3;
> system {
> }
> login {
> class labuser {
> idle-timeout 30;
> permissions [ clear configure control field floppy interface
> interface-control network reset routing routing-control shell snmp
> snmp-control system system-control trace trace-control view maintenance
> firewall firewall-control secret secret-control rollback ];
> }
> user juniper {
> uid 2002;
> class super-user;
> authentication {
> encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0"; # SECRET-DATA
> }
> }
>
> -----------------------------
>
> some idea.
>
> stefano
>




This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT
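
Added example, not part of the original thread and not Juniper tooling: a small Python audit of a [system login] stanza that follows the reply's approach (a custom class carrying idle-timeout, with users assigned to it) and reports users whose class is undefined or gives them no idle-timeout. The sample stanza, the names parse_login and audit, and the set of predefined class names (only operator and super-user appear in the thread) are assumptions supplied here.

```python
import re
# Junos predefined login classes (not all named in the thread); they cannot be modified.
PREDEFINED = {"operator", "read-only", "super-user", "superuser", "unauthorized"}
# Constructed [system login] stanza for illustration; not from a real router.
SAMPLE = """
class administrator {
    /* custom class: full permissions plus a timeout */
    idle-timeout 15;
    permissions all;
}
class labuser { permissions [ configure view ]; }
user admin {
    class administrator;
    authentication {
        encrypted-password "<PASSWORD>"; # SECRET-DATA
    }
}
user lab   { class operator; }
user guest { class labuser; }
user temp  { class tester; }
"""

def parse_login(text):
    """Return ({class: statements}, {user: statements}) for a login stanza."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # strip /* annotations */
    text = re.sub(r";[ \t]*#[^\n]*", ";", text)         # strip trailing "# SECRET-DATA"
    out = {"class": {}, "user": {}}
    block = r"\b(class|user)\s+([\w.-]+)\s*\{((?:[^{}]|\{[^{}]*\})*)\}"
    for kind, name, body in re.findall(block, text):
        flat = re.sub(r"[\w-]+\s*\{[^{}]*\}", "", body)  # drop nested blocks
        out[kind][name] = {k: v.strip() for k, v in re.findall(r"([\w-]+)\s+([^;]+);", flat)}
    return out["class"], out["user"]

def audit(text):
    """List users whose class is undefined or cannot give them an idle-timeout."""
    classes, users = parse_login(text)
    findings = []
    for user, st in users.items():
        cls = st.get("class")
        if cls in PREDEFINED:  # per the reply: built-in classes cannot be modified
            findings.append(f"user {user}: predefined class {cls}, no idle-timeout")
        elif cls not in classes:
            findings.append(f"user {user}: class {cls} is not defined")
        elif "idle-timeout" not in classes[cls]:
            findings.append(f"user {user}: class {cls} has no idle-timeout")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The parser handles only the flat class/user layout shown in this thread, with at most one nested block per user.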