I am attempting to allow a team in my company to view configurations and view file contents. I tested this on a vSRX image and it worked perfectly. However, in production (ex9214), when a relevant team member attempted to view a file in /var/tmp/, they were given back the below error:
user@node-re0> file show /var/tmp/node-re0_POL_ICMP_PROBE_164236
error: could not open '/var/tmp/node-re0_POL_ICMP_PROBE_164236'
I am able to view this file's contents as a super-user. Below is the configuration for the team I am attempting to allow this for:
set system login class A-TEAM permissions maintenance
set system login class A-TEAM permissions network
set system login class A-TEAM permissions trace
set system login class A-TEAM permissions view
set system login class A-TEAM permissions view-configuration
set system login class A-TEAM allow-commands "request support information"
set system login class A-TEAM deny-commands "(start shell)|(request .*)"
Any assistance here would be much appreciated.
No takers then 😞
Could you please confirm the permissions for the file "/var/tmp/node-re0_POL_ICMP_PROBE_164236"?
Thank you very much for your response though I'm not sure I understand.
Isn't "maintenance" enough for those files to be permissible?
Add the following to your class to permit the file show command.
set system login class A-TEAM allow-commands "file show"
Thank you also for your response. I am arranging a window to make the change in my organisation and will respond back when done.
I ran a quick test on one of my lab boxes and did have to add the line I specified above for the command to work for the user. So maintenance was not enough without this.
Yes, indeed you were correct and this has done the trick.
Many thanks for your help, it is much appreciated!!