<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.45">
<TITLE>RE: [j-nsp] allow-command question</TITLE>
</HEAD>
<BODY>
<BR>
<P><FONT SIZE=2>Isn't it</FONT>
</P>
<P><FONT SIZE=2>allow-commands "(^show route|^quit)";</FONT>
<BR><FONT SIZE=2>deny-commands .*;</FONT>
</P>
<P><FONT SIZE=2>instead of </FONT>
</P>
<P><FONT SIZE=2>allow-commands "(^show route|quit)";</FONT>
<BR><FONT SIZE=2>deny-commands .*;</FONT>
</P>
<P><FONT SIZE=2>R/</FONT>
<BR><FONT SIZE=2>Mourad</FONT>
</P>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Nicolas Fevrier [<A HREF="mailto:nicolas.fevrier@telindus.fr">mailto:nicolas.fevrier@telindus.fr</A>]</FONT>
<BR><FONT SIZE=2>Sent: Monday, 28 July 2003 14:24</FONT>
<BR><FONT SIZE=2>To: juniper@groupstudy.com</FONT>
<BR><FONT SIZE=2>Cc: juniper-nsp@puck.nether.net</FONT>
<BR><FONT SIZE=2>Subject: [j-nsp] allow-command question</FONT>
</P>
<BR>
<P><FONT SIZE=2>Hi group,</FONT>
</P>
<P><FONT SIZE=2>I'm having some trouble configuring restricted commands with</FONT>
<BR><FONT SIZE=2>a user class: I would like to define a class that allows </FONT>
<BR><FONT SIZE=2>only "show route..." and "quit".</FONT>
<BR><FONT SIZE=2>I managed to make this work with:</FONT>
</P>
<P><FONT SIZE=2>class VIEW_ROUTE {</FONT>
<BR><FONT SIZE=2> idle-timeout 3;</FONT>
<BR><FONT SIZE=2> permissions view;</FONT>
<BR><FONT SIZE=2> allow-commands "^show route";</FONT>
<BR><FONT SIZE=2> deny-commands "^file|^help|^request|^set|^show|^test";</FONT>
<BR><FONT SIZE=2> }</FONT>
</P>
<P><FONT SIZE=2>viewer_route@PARIS> show ?</FONT>
<BR><FONT SIZE=2>Possible completions:</FONT>
<BR><FONT SIZE=2> route Show routing table information</FONT>
<BR><FONT SIZE=2>viewer_route@PARIS> ?</FONT>
<BR><FONT SIZE=2>Possible completions:</FONT>
<BR><FONT SIZE=2> quit Exit the management session</FONT>
<BR><FONT SIZE=2> show Show information about the system</FONT>
<BR><FONT SIZE=2>viewer_route@PARIS></FONT>
</P>
<BR>
<P><FONT SIZE=2>Considering the command line could change with a future junos upgrade,</FONT>
<BR><FONT SIZE=2>I would like to deny "everything" then only allow these particular</FONT>
<BR><FONT SIZE=2>commands "show route" or "quit".</FONT>
</P>
<P><FONT SIZE=2> class VIEW_ROUTE {</FONT>
<BR><FONT SIZE=2> idle-timeout 3;</FONT>
<BR><FONT SIZE=2> permissions view;</FONT>
<BR><FONT SIZE=2> allow-commands "(^show route|quit)";</FONT>
<BR><FONT SIZE=2> deny-commands .*;</FONT>
<BR><FONT SIZE=2> }</FONT>
</P>
<P><FONT SIZE=2>viewer_route@PARIS> ?</FONT>
<BR><FONT SIZE=2>Possible completions:</FONT>
<BR><FONT SIZE=2> show Show information about the system</FONT>
<BR><FONT SIZE=2>viewer_route@PARIS> show ?</FONT>
<BR><FONT SIZE=2>Possible completions:</FONT>
<BR><FONT SIZE=2> route Show routing table information</FONT>
<BR><FONT SIZE=2>viewer_route@PARIS> quit</FONT>
<BR><FONT SIZE=2> ^</FONT>
<BR><FONT SIZE=2>unknown command.</FONT>
</P>
<P><FONT SIZE=2>viewer_route@PARIS></FONT>
</P>
<P><FONT SIZE=2>It's prolly a basic regex mistake but I can't make it work</FONT>
<BR><FONT SIZE=2>properly... I tried:</FONT>
<BR><FONT SIZE=2>"(show route | quit)", "show route | quit", "show route|quit"...</FONT>
<BR><FONT SIZE=2>with no success...</FONT>
</P>
<P><FONT SIZE=2>Any idea where I'm wrong?</FONT>
</P>
<P><FONT SIZE=2>Cheers,</FONT>
</P>
<P><FONT SIZE=2>Nicolas.</FONT>
</P>
<BR>
<BR>
<BR>
<BR>
<P><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>juniper-nsp mailing list juniper-nsp@puck.nether.net</FONT>
<BR><FONT SIZE=2><A HREF="http://puck.nether.net/mailman/listinfo/juniper-nsp" TARGET="_blank">http://puck.nether.net/mailman/listinfo/juniper-nsp</A></FONT>
</P>
</BODY>
</HTML>