[nsp] enable commands as non-enable user?
Josh Duffek
jduffek@cisco.com
Mon, 12 Aug 2002 14:20:13 -0500
cool...so it works for "sh config" but not "sh run"....thanks for the
clarification.
jd
----- Original Message -----
From: "MacDonald, James" <James.MacDonald@attcanada.com>
To: <cisco-nsp@puck.nether.net>
Sent: Monday, August 12, 2002 2:05 PM
Subject: RE: [nsp] enable commands as non-enable user?
> You can enable sh run for any privilege level .. the problem is that
unless
> the level also includes the ability to configure you'll only see a limited
> running config ... ie. it shows you what you can actually do ... example:
>
> gwy1-tor#sh run
> Building configuration...
>
> Current configuration : 155 bytes
> !
> ! Last configuration change at 03:55:56 EST Sat Aug 3 2002 by jamesm
> ! NVRAM config last updated at 04:43:56 EST Mon Aug 12 2002 by stats
> !
> !
> !
> !
> end
>
> Not very usefull ... so the only choice is a "sh conf" where it reads the
> nvram:startup-config file (basically more's the file). The caveat there is
> that users had better be writing the config after all changes or some
items
> may be missed. I do what was suggested earlier and it works quite well ...
> allow a priv level to show, show conf etc ... then put the level in teh
> user/pass command. works nicely.
>
> Jim
>
> -----Original Message-----
> From: Barry Bruins [mailto:bbruins@cisco.com]
> Sent: Monday, August 12, 2002 2:44 PM
> To: Josh Duffek; Bruce Campbell; cisco-nsp@puck.nether.net
> Subject: Re: [nsp] enable commands as non-enable user?
>
>
> Ughh. I'm embarrassed. You're right. It may require a TACACS+ server
> in the mix.
>
> Barry
>
> At 01:06 PM 8/12/2002 -0500, Josh Duffek wrote:
> >just fyi...im 99% sure you cant do this for "sh run"...but i never tried
> for
> >"sh config".
> >
> >joshd
> >
> >----- Original Message -----
> >From: "Barry Bruins" <bbruins@cisco.com>
> >To: "Bruce Campbell" <bruce.campbell@ripe.net>;
<cisco-nsp@puck.nether.net>
> >Sent: Monday, August 12, 2002 12:24 PM
> >Subject: Re: [nsp] enable commands as non-enable user?
> >
> >
> >> Use the privilege command to set the show running-config to another
> level.
> >>
> >> Barry
> >>
> >> At 06:29 PM 8/12/2002 +0200, Bruce Campbell wrote:
> >>
> >> >Greetings,
> >> >
> >> >I'm wanting to allow a dedicated non-enabled user to be able to 'show
> >> >conf' (run through all the routers and save the conf nightly). Is
this
> >> >possible via AAA (tacacs+)? ( the AAA overview on cco isn't that
clear
> >on
> >> >whether this is possible or not)
> >> >
> >> >--==--
> >> >Bruce.
> >> >
> >> >_______________________________________________
> >> >cisco-nsp mailing list real_name)s@puck.nether.net
> >> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >> >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
> >_______________________________________________
> >cisco-nsp mailing list real_name)s@puck.nether.net
> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>