[c-nsp] Privilege levels and Secure ACS

Erdem Sener erdems at gmail.com
Mon Jul 4 15:49:26 EDT 2005


Hi,

 As far as I know, any non-enable-privileged user is forbidden to use
either the 'show run' or 'show config' commands, for security
reasons.

 IOS fears that a user who is normally not privileged to change the
configuration might use other means, such as a RW SNMP community, to do
modifications.

 I believe this is hard coded as well.

 Erdem

On 7/4/05, Serguei Bezverkhi <sbezverkhi at hotmail.com> wrote:
> Hi,
> 
> Why don't you use the "show config" command??? Change its privilege level to
> the level you want.
> 
> HTH
> 
> Serguei
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jee Kay
> Sent: Monday, July 04, 2005 11:33 AM
> To: Kim Onnel
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Privilege levels and Secure ACS
> 
> On 7/4/05, Kim Onnel <karim.adel at gmail.com> wrote:
> > troublesome, I want the NOC users to be able to show running-config, clear,
> > reload, ... and all the arguments for these commands. I used * and it worked
> > for all commands except for "sh run"; I found myself having to add a lot of
> > things.
> >
> > privilege exec level 2 show running-config
> 
> If you figure out how to make show running-config do something sane
> for anyone who isn't priv 15, please do let the rest of us know :)
> 
> Here it just ends up showing empty configs, and I haven't the patience
> to go through giving 'privilege config' levels to every possible
> category - partly because it goes against the ethos of easy
> management, and mostly because when a new category is inevitably added
> I will miss it and my config backups will go poof.
> 
> Ras
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


