[j-nsp] read-only config account, "rancid" user

Jonathan Lassoff jof at thejof.com
Thu Feb 4 13:57:22 EST 2010


Excerpts from matthew zeier's message of Thu Feb 04 09:14:52 -0800 2010:
> Not clear how to create a dumbed down read-only user who can just view the config.
> 
> In a Cisco world I'd use "privilege exec level". In JunOS, a read-only class can't run "show configuration".
> 
> What's the nugget of info I'm missing?

Define a system login class that includes the "view" and
"view-configuration" permissions. You could also explicitly place a
regexp in the class to allow certain CLI command patterns to be allowed.
This could be useful if you're also setting rancid to fetch things other
than the configuration.

For example:

system {
 login {
  class only-see-config {
   permissions [ view view-configuration ];
  }
  user rancid {
   class only-see-config;
   authentication {
    ........
   }
  }
 }
}
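
Added example, not part of the original message: one way to check, from a saved curly-brace configuration, that each login user maps to a class carrying only the two permissions named above and no allow-commands override. The sample config, the "ops" class and the "backup" user are constructed for illustration; classes not defined in the text (such as predefined ones) are reported rather than guessed at.

```python
import re

READ_ONLY = {"view", "view-configuration"}  # the two permissions named in the reply
# Constructed, condensed sample; class "ops" and user "backup" are hypothetical.
SAMPLE = """
system { login {
    class only-see-config { permissions [ view view-configuration ]; }
    class ops { permissions [ view configure ]; allow-commands "request system reboot"; }
    user rancid { class only-see-config; }
    user backup { class ops; }
} }
"""

def parse(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements go under '_'."""
    stack, words = [{"_": []}], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            stack[-1][" ".join(words)] = node = {"_": []}
            stack.append(node)
            words = []
        elif tok == ";":
            stack[-1]["_"] += [words] if words else []
            words = []
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            words.append(tok)
    if len(stack) > 1:
        raise ValueError("%d block(s) left unclosed" % (len(stack) - 1))
    return stack[0]

def audit(text):
    """Map each login user to the reasons its class exceeds read-only ([] means OK)."""
    login = parse(text).get("system", {}).get("login", {})
    users = {k[5:]: n for k, n in login.items() if k.startswith("user ")}
    report = {}
    for user, node in users.items():
        cls = next((s[1] for s in node["_"] if s[0] == "class"), None)
        stmts = login.get("class %s" % cls, {}).get("_")
        if stmts is None:  # predefined or missing class: not checkable from this text
            report[user] = ["class %s is not defined in this config" % cls]
            continue
        perms = {w for s in stmts if s[0] == "permissions" for w in s[1:]} - {"[", "]"}
        why = ["extra permission: " + p for p in sorted(perms - READ_ONLY)]
        report[user] = why + ["allow-commands " + s[1] for s in stmts if s[0] == "allow-commands"]
    return report
```

Calling audit(SAMPLE) returns an empty list for rancid and two findings for backup; a config with a missing closing brace raises ValueError instead of being audited half-parsed.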