Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  permissions

    Posted 04-23-2018 04:40

    Hello all

     

    I am attempting to allow a team in my company to view configurations and view file contents. I tested this on a vSRX image and it worked perfectly. However, in production (ex9214), when a relevant team member attempted to view a file in /var/tmp/, they were given the error below:

     

    user@node-re0> file show /var/tmp/node-re0_POL_ICMP_PROBE_164236

    error: could not open '/var/tmp/node-re0_POL_ICMP_PROBE_164236'

     

    I am able to view this file's contents as a super-user. Below is the configuration for the team I am attempting to allow this for:

     

    set system login class A-TEAM permissions maintenance
    set system login class A-TEAM permissions network
    set system login class A-TEAM permissions trace
    set system login class A-TEAM permissions view
    set system login class A-TEAM permissions view-configuration
    set system login class A-TEAM allow-commands "request support information"
    set system login class A-TEAM deny-commands "(start shell)|(request .*)"

     

    Any assistance here would be much appreciated.

     

    Many thanks

    Daniel 



  • 2.  RE: permissions

    Posted 05-05-2018 14:43

    No takers then 😞



  • 3.  RE: permissions

    Posted 05-06-2018 02:59

    Could you please confirm the permissions for the file "/var/tmp/node-re0_POL_ICMP_PROBE_164236".



  • 4.  RE: permissions

    Posted 05-09-2018 06:28

    Hello Vishruth

     

    Thank you very much for your response though I'm not sure I understand. 

     

    Could you please confirm the permissions for the file "/var/tmp/node-re0_POL_ICMP_PROBE_164236".

     

     

    Isn't "maintenance" enough for those files to be permissible?

     

    Thanks


    Daniel 



  • 5.  RE: permissions
    Best Answer

    Posted 05-06-2018 03:32

    Add the following to your class to permit the file show command.

    set system login class A-TEAM allow-commands "file show"
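
Added example, not part of the original posts: Junos keeps allow-commands and deny-commands as a single regular-expression string per login class, so entering a second `set` for the same statement replaces the earlier value instead of adding to it. The Python script below (its function names are this example's own) scans constructed `set` lines, built from the class in the first post plus the line in the answer above, reports any statement that would be overwritten, and emits one merged statement.

```python
import re
from collections import defaultdict

# Constructed input: the class from the first post, then the answer's line.
SET_LINES = '''
set system login class A-TEAM permissions maintenance
set system login class A-TEAM permissions view
set system login class A-TEAM allow-commands "request support information"
set system login class A-TEAM deny-commands "(start shell)|(request .*)"
set system login class A-TEAM allow-commands "file show"
'''

# Only the two single-valued regex statements are of interest here.
LINE_RE = re.compile(
    r'^set system login class (\S+) (allow-commands|deny-commands) "(.*)"$')


def collect(set_lines):
    """Return {(class, statement): [values in the order they were entered]}."""
    seen = defaultdict(list)
    for line in set_lines.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            cls, stmt, value = m.groups()
            seen[(cls, stmt)].append(value)
    return dict(seen)


def merged_statements(set_lines):
    """Return (warnings, commands) for every statement entered more than once."""
    warnings, commands = [], []
    for (cls, stmt), values in collect(set_lines).items():
        unique = list(dict.fromkeys(values))  # drop exact repeats, keep order
        if len(unique) > 1:
            warnings.append(
                f"{cls} {stmt}: {unique[:-1]} would be replaced by {unique[-1]!r}")
            # Parenthesise each alternative so the alternation stays unambiguous.
            merged = "|".join(f"({v})" for v in unique)
            commands.append(f'set system login class {cls} {stmt} "{merged}"')
    return warnings, commands


if __name__ == "__main__":
    warns, cmds = merged_statements(SET_LINES)
    for text in warns + cmds:
        print(text)
```
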

     



  • 6.  RE: permissions

    Posted 05-09-2018 06:29

    Hello Spuluka

     

    Thank you also for your response. I am arranging a window to make the change in my organisation and will respond back when done. 

     

    Cheers

    Daniel 



  • 7.  RE: permissions

    Posted 05-09-2018 13:46

    I ran a quick test on one of my lab boxes and did have to add the line I specified above for the command to work for the user. So maintenance was not enough without this.

     



  • 8.  RE: permissions

    Posted 05-14-2018 06:01

    Hello Spuluka

     

    Yes, indeed you were correct and this has done the trick.

     

    Many thanks for your help, it is much appreciated!!

     

    Regards


    Daniel