[j-nsp] shell-based users

[Erdem Sener]

Hi,

 I would suggest a new login class with restricted permissions. Also,
under [system syslog] you could specify a file that will log any user
activity, including 'interactive-commands' of your choice.

 Erdem

On 6/30/05, Craig Pierantozzi <tozz at bind.com> wrote:
> How bout a looking glass?  I think there's lg code with
> rancid? Then non-engineers don't have to get into the
> router at all.  Just access the lg via browser.  If not
> a full blown looking glass than some cgi to give them
> web access to commands on the router but the access to the
> router is controlled behind the scenes.
> 
> regards
> 
> http://www.shrubbery.net/rancid/
> 
> On Jun 30, 2005, at 1:26 PM, Jason Rowley wrote:
> 
> 
> > I was asked to create a new user for non-engineers to have access to a
> > few simple commands such as ping and telnet. We don't want to give
> > them access to anything else, and we really don't want them exploring
> > on the routers.
> >
> > My idea was to see if we could create a script-based menu to only give
> > them access to what they need. I understand we can limit their
> > permissions, but want to be able to dump them right into the script
> > when they login.
> >
> > I thought I'd be able to add our script to /etc/shells, and create a
> > user with that shell in the master.passwd, however when we do anything
> > to rebuild the passwd database, something changes their shell back to
> > /usr/sbin/cli.
> >
> > Is there anyway to do this? Or do I have to create a new login class
> > and only permit them to access to shell?
> >
> > Thanks!
> > -j
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>