[c-nsp] Privilege levels and Secure ACS
Brett Looney
brett at looney.id.au
Mon Jul 4 20:13:15 EDT 2005
At 03:49 5/07/2005, you wrote:
> As far as I know any non-enable-privileged user is forbidden to use
>eighter 'show run' and 'show config' commands, because of security
>reasons.
>
> IOS fears that a user, that is normally not privileged to change the
>configuration might use other means such as RW snmp community to do
>modifications.
This is true (for "show running") and mentioned in the documentation
somewhere (can't find it right now). However, (as mentioned previously by
Serguei Bezverkhi) you can give people access to the "show config" and
"show startup" commands at privilege levels less than 15 so it's kind of
pointless...
B.
More information about the cisco-nsp
mailing list