[j-nsp] allow-command question
Nicolas Fevrier
nicolas.fevrier at telindus.fr
Mon Jul 28 15:23:34 EDT 2003
Hi group,
I'm having some trouble configuring restricted commands with
a user class : I would like to define a class that allows
only "show route..." and "quit".
I managed to make this working with :
class VIEW_ROUTE {
idle-timeout 3;
permissions view;
allow-commands "^show route";
deny-commands "^file|^help|^request|^set|^show|^test"
viewer_route at PARIS> show ?
Possible completions:
route Show routing table information
viewer_route at PARIS> ?
Possible completions:
quit Exit the management session
show Show information about the system
viewer_route at PARIS>
Considering the command line could change with a future junos upgrade,
I would like to deny "everything" then only allow this particular
commands "show route" or "quit".
class VIEW_ROUTE {
idle-timeout 3;
permissions view;
allow-commands "(^show route|quit)";
deny-commands .*;
}
viewer_route at PARIS> ?
Possible completions:
show Show information about the system
viewer_route at PARIS> show ?
Possible completions:
route Show routing table information
viewer_route at PARIS> quit
^
unknown command.
viewer_route at PARIS>
It's prolly a basic regex mistake but I can't make it working
properly... I tried :
"(show route | quit)", "show route | quit", "show route|quit"...
with no success...
Any idea where I'm wrong ?
Cheers,
Nicolas.
More information about the juniper-nsp
mailing list