[j-nsp] allow-command question

Mourad BERKANE mourad.berkane at lambdanet.fr
Mon Jul 28 16:55:37 EDT 2003 

isn't it 

allow-commands "(^show route|^quit)";
deny-commands .*;

instead of 

isn't it allow-commands "(^show route|quit)";
deny-commands .*;

R/
Mourad


-----Message d'origine-----
De : Nicolas Fevrier [mailto:nicolas.fevrier at telindus.fr]
Envoyé : lundi 28 juillet 2003 14:24
À : juniper at groupstudy.com
Cc : juniper-nsp at puck.nether.net
Objet : [j-nsp] allow-command question


Hi group,

I'm having some trouble configuring restricted commands with
a user class : I would like to define a class that allows 
only  "show route..." and "quit".
I managed to make this working with :

class VIEW_ROUTE {
    idle-timeout 3;
    permissions view;
    allow-commands "^show route";
    deny-commands "^file|^help|^request|^set|^show|^test"

viewer_route at PARIS> show ?
Possible completions:
  route                Show routing table information
viewer_route at PARIS> ?
Possible completions:
  quit                 Exit the management session
  show                 Show information about the system
viewer_route at PARIS>


Considering the command line could change with a future junos upgrade,
I would like to deny "everything" then only allow this particular
commands "show route" or "quit".

        class VIEW_ROUTE {
            idle-timeout 3;
            permissions view;
            allow-commands "(^show route|quit)";
            deny-commands .*;
        }

viewer_route at PARIS> ?
Possible completions:
  show                 Show information about the system
viewer_route at PARIS> show ?
Possible completions:
  route                Show routing table information
viewer_route at PARIS> quit
                    ^
unknown command.

viewer_route at PARIS>

It's prolly a basic regex mistake but I can't make it working
properly... I tried :
"(show route | quit)", "show route | quit", "show route|quit"...
with no success...

Any idea where I'm wrong ?

Cheers,

Nicolas.





_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030728/67700edb/attachment.htm

More information about the juniper-nsp mailing list