Junos OS

Expand all | Collapse all

restrict user to use certain commands

Jump to Best Answer
  • 1.  restrict user to use certain commands

    Posted 03-23-2018 04:17


    On our company's SRX firwall, I want to create a USER who can only...

     logs in, change passwords of other users and save / commit it - that's all

    USER should not be allowed to run any other commands.

    Can someone please send me command line of how can i achieve it.


    we manage our FW through NSM, can I do via NSM ? If yes then want to know steps

    Thanks a lot.


  • 2.  RE: restrict user to use certain commands

    Posted 03-24-2018 04:27

    You will need to create the login class with your desired restrictions for this.




    Once you know the commands you want on the device.  In NSM you edit the SRX and navigate to the appropriate hierarchy:  system > login then add the login class restrictions and push it to the device.


  • 3.  RE: restrict user to use certain commands

    Posted 03-26-2018 07:08

    Hi - thanks for your reply. I want to know the command for changing user accounts passwords ?


  • 4.  RE: restrict user to use certain commands
    Best Answer

    Posted 03-27-2018 02:53

    The password is set using authentication plain-text-password


    Example for a user:  nocuser


    root@none# show system login                                                   
    user admin {
        uid 2000;
        class super-user;
        authentication {
            encrypted-password "$1$AfzYvY./$J5ITta.ellfOXC70tzq.L/"; ## SECRET-DATA
    user nocuser {
        class operator;
        authentication {
            encrypted-password "$1$Ij.hVU.i$cGmnJrVK7GWbwDeRXLalZ."; ## SECRET-DATA

    root@none# set system login user nocuser authentication plain-text-password