Junos OS

Expand all | Collapse all

how to use system login class super-user-local confirm-commands

Jump to Best Answer
  • 1.  how to use system login class super-user-local confirm-commands

    Posted 06-02-2019 02:21

     

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/confirm-command.html

    set system login class super-user-local confirm-commands?

    confirm-commands List of commands to be confirmed explicitly

     

    Statement introduced in Junos OS Release 16.1R1.

    Description

    To define commands to have a confirmation from the users before execution.

     

     

    can anyone give me an example of confirm-comands configuration? how to use this configuration? I do not understand it well. thanks so much 



  • 2.  RE: how to use system login class super-user-local confirm-commands
    Best Answer

     
    Posted 06-02-2019 10:26

    Hi Xinhui,

     

    Please refer the cli definition of confirm-commands knob:

     

    #set system login class test ?

    <snip>

    > confirm-commands List of commands to be confirmed explicitly

     

    As the cli definition suggests "confirm-commands" knob will help you to double confirm some commands before you actually commit/execute them.

     

    Please refer following example it will make things clear for you:

     

    test@chaos-re1> show configuration system login class test

    permissions all;

    confirm-commands request  {   

           confirm-request;                  

    }

     

    I want to double check before executing any commands that contains "request", you can use any regex.

     

    test@chaos-re1> show configuration system login user test

    uid 2002;

    class test;

    authentication {

            encrypted-password "$1$w9JT/1qk$wqUJrXn/j7jA03AzqxmTf/"; ## SECRET-DATA

    }

     

    test@chaos-re1> request chassis fpc slot 2 offline

    confirm-request [yes,no] (no) no

     

    test@chaos-re1# run request system storage cleanup

    confirm-request [yes,no] (no) no

     

    If this solves your question, please accept it as solution.

     

    Thanks & Regards

    Vishal Singh



  • 3.  RE: how to use system login class super-user-local confirm-commands

    Posted 06-02-2019 19:14

    can give me an example of configuration confirm-command? 

    I tested it not work.

     

    set system login class super-user-local confirm-commands firewall
    set system login class super-user-local confirm-commands "set firewall .*"

     

    I want to edit firewall configuration for double confirm. thanks so much



  • 4.  RE: how to use system login class super-user-local confirm-commands

     
    Posted 06-03-2019 09:20

    Hi Xinhui,

    Some commands when executed might have big impact in the network, such as:

     

    clear ospf database

    request fpc offline

    restart routing

     

    confirm-commands knob helps the user decide which commands are catastrophic and require explicit confirmation.

     

    This knob doesn't work with intentional configuration changes (set commands). With configuration change (set commands) user already has rollback and commit confirm options to bring the device back into original state.

     

    If I add following configuiration in the example I had shared in previous reply, the clear firewall will ask to confirm but set firewall will still work

     

    set system login class test confirm-commands firewall confirm-before-change-in-firewall

     

    test@chaos-re1# run clear firewall all

    confirm-before-change-in-firewall [yes,no] (no) no

     

    test@chaos-re1# set firewall family inet filter test101 term 1 then accept

    test@chaos-re1# commit

    commit complete

     

    Hope that makes things clear

    Thanks & Reagrds

    Vishal Singh



  • 5.  RE: how to use system login class super-user-local confirm-commands

    Posted 06-03-2019 23:08

    ok, thanks so much