Junos OS

Expand all | Collapse all

permissions

Jump to Best Answer
  • 1.  permissions

    Posted 04-23-2018 04:40

    Hello all

     

    I am attempting to allow a team in my company to view configurations and view file contents. I tested this on a vSRX image and it worked perfectly. However in production (ex9214) when a relevant team member attempted to view a file in /var/tmp/ they are given back the below error:

     

    user@node-re0> file show /var/tmp/node-re0_POL_ICMP_PROBE_164236

    error: could not open '/var/tmp/node-re0_POL_ICMP_PROBE_164236'

     

    I am able to view this file's contents as a super-user. Below is the configuration for the team I am attempting to allow this for:

     

    set system login class A-TEAM permissions maintenance
    set system login class A-TEAM permissions network
    set system login class A-TEAM permissions trace
    set system login class A-TEAM permissions view
    set system login class A-TEAM permissions view-configuration
    set system login class A-TEAM allow-commands "request support information"
    set system login class A-TEAM deny-commands "(start shell)|(request .*)"

     

    Any assistance here would be much appreciated.

     

    Many thanks

    Daniel 



  • 2.  RE: permissions

    Posted 05-05-2018 14:43

    No takers then 😞



  • 3.  RE: permissions

    Posted 05-06-2018 02:59

    Could you please confirm the permissions for the file "/var/tmp/node-re0_POL_ICMP_PROBE_164236".



  • 4.  RE: permissions

    Posted 05-09-2018 06:28

    Hello Vishruth

     

    Thank you very much for your response though I'm not sure I understand. 

     

    Could you please confirm the permissions for the file "/var/tmp/node-re0_POL_ICMP_PROBE_164236".

     

     

    Isn't "maintenace" enough for those files to be permissible?

     

    Thanks


    Daniel 



  • 5.  RE: permissions
    Best Answer

     
    Posted 05-06-2018 03:32

    Add the following to your class to permit the file show command.

    set system login class A-TEAM allow-commands "file show"

     



  • 6.  RE: permissions

    Posted 05-09-2018 06:29

    Hello Spuluka

     

    Thank you also for your response. I am arranging a window to make the change in my organisation and will respond back when done. 

     

    Cheers

    Daniel 



  • 7.  RE: permissions

     
    Posted 05-09-2018 13:46

    i ran a quick test on one of my lab boxes and did have to add the line I specified above for the command to work for the user.  So maintenance was not enough without this.

     



  • 8.  RE: permissions

    Posted 05-14-2018 06:01

    Hello Spuluka

     

    Yes, indeed you were correct and this has done the trick.

     

    Many thanks for your help, it is much appreciated!!

     

    Regards


    Daniel