Re: privilege level to allow only "show" commands

From: Ahmed Al-Ghawas (ghawas@batelco.com.bh)
Date: Mon Sep 02 2002 - 13:53:52 GMT-3


Omer,

You are absolutely doing the right thing... I don't know of any other way
this can be accomplished, and believe that this is the only way.

You can either start from the lowest level (which has the least standard
commands) and add more commands, or start using a higher level (which has
more commands than the previous level) and add up more commands if you wish.

Guys,
Any comments?

Thanks,
Ahmed

----- Original Message -----
From: "Omer Ansari" <omer@ansari.com>
To: "Ahmed Al-Ghawas" <ghawas@batelco.com.bh>
Cc: <ccielab@groupstudy.com>
Sent: Monday, September 02, 2002 3:01 PM
Subject: Re: privilege level to allow only "show" commands

> Ahmed,
>
> had tried that, but that explicitly allows commands that you enter.
>
> i.e. this doesn't work:
> R1#sr | inc priv
> username cisco privilege 0 password 7 0822
> privilege exec level 0 show
>
> R9#telnet 1.1.1.1
> Username: cisco
> Password:
> R1>show ?
> call Show call
> dial-peer Dial Plan Mapping Table for, e.g. VoIP Peers
> flash: display information about flash: file system
> gateway Show status of gateway
> num-exp Number Expansion (Speed Dial) information
>
> R1>
>
>
>
> in other words if the requirements say "all show commands" and priv 0 was
> to be used, i would have to do the following:
>
> R1#sr | inc priv
> username cisco privilege 0 password 7 0822
> privilege exec level 0 show alps
> privilege exec level 0 show backup
> privilege exec level 0 show c2600
> privilege exec level 0 show call
> privilege exec level 0 show cca
> ...... [and the rest of the show commands that show up in regular normal
> user exec mode]
>
>
> and then:
>
> R9#telnet 1.1.1.1
> Username: cisco
> Password:
>
> R1>show ?
> alps Alps information
> backup Backup status
> c2600 Show c2600 information
> call Show call
> cca CCA information
> .....
>
> [and all the show commands i explicitly entered in level0 would show up]
>
>
> I'm sure there's a simpler way than this, if the requirement is possible
> at all!
>
> thanks,
> omer
>
>
>
> On Mon, 2 Sep 2002, Ahmed Al-Ghawas wrote:
>
> > Try using privilege 0 instead of 1 and then enable the commands you
> > require at that level
> >
> > HTH
> >
> > Ahmed
> >
> > ----- Original Message -----
> > From: "Omer Ansari" <omer@ansari.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Monday, September 02, 2002 3:59 AM
> > Subject: privilege level to allow only "show" commands
> >
> >
> > > All,
> > >
> > > doing a lab where there's a requirement to set a privilege level to
> > > only allow show commands.
> > >
> > > researched the archive, as well as tried a few iterations, but even
> > > for level1 i end up getting all sorts of options other than show:
> > >
> > > R1(config)#username cisco privilege 1 nopassword
> > >
> > > R1#sr | inc (user|priv)
> > > username cisco nopassword
> > > privilege exec level 1 show
> > >
> > >
> > > then i try to telnet in remotely.
> > >
> > > R9#telnet 1.1.1.1
> > > ...
> > > Username: cisco
> > > R1>?
> > > Exec commands:
> > > <1-99> Session number to resume
> > > access-enable Create a temporary Access-List entry
> > > access-profile Apply user-profile to interface
> > > clear Reset functions
> > > ...
> > >
> > >
> > > I still have a choice of all the other commands as you can see..
> > >
> > >
> > > how can i configure R1, so that when I log in I get only this:
> > >
> > > R1>?
> > > Exec commands:
> > >
> > > show Show running system information
> > > exit ..
> > > [and other mandatory level0 commands]
> > >
> > > R1>
> > >
> > >
> > >
> > > regards,
> > > Omer
> > > _________________________________________________________________
> > > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > > Please discuss commercial lab solutions on this list.



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:41 GMT-3
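
The workaround described in the thread is one "privilege exec level 0 show <keyword>" line per sub-command. The following is an added example, not part of the original messages: it generates those lines from captured "show ?" help text and then checks what a restricted login actually offers. The function names and both help captures are constructed for illustration, using keywords quoted in the thread.

```python
import re

# Constructed sample of "show ?" help from an unrestricted user EXEC session,
# built from keywords quoted in the thread (real output is far longer).
FULL_HELP = """\
R1>show ?
  alps     Alps information
  backup   Backup status
  c2600    Show c2600 information
  call     Show call
  cca      CCA information
  flash:   display information about flash: file system
  <1-99>   constructed placeholder row, not a keyword
 --More--
"""
# Constructed sample: what the level-0 user saw after "privilege exec level 0 show".
LEVEL0_HELP = """\
R1>show ?
  call       Show call
  dial-peer  Dial Plan Mapping Table for, e.g. VoIP Peers
  flash:     display information about flash: file system
  gateway    Show status of gateway
  num-exp    Number Expansion (Speed Dial) information
"""

KEYWORD = re.compile(r"^[a-z][a-z0-9_.-]*:?$")  # literal keywords such as "call", "flash:"
PROMPT = re.compile(r"^\S+[>#]")                # prompt lines such as "R1>show ?"

def help_keywords(help_text):
    """Return the literal keywords listed in IOS '?' help, in order, deduplicated."""
    found = []
    for line in help_text.splitlines():
        line = line.strip()
        if not line or PROMPT.match(line) or line.startswith("--More--"):
            continue
        token = line.split()[0]
        if KEYWORD.match(token) and token not in found:
            found.append(token)
    return found

def privilege_lines(keywords, level=0, base="show"):
    """One 'privilege exec level' line per keyword, as typed by hand in the thread."""
    return [f"privilege exec level {level} {base} {kw}" for kw in keywords]

def audit(wanted, restricted_help):
    """Diff the intended keyword set against what the restricted login offers."""
    seen = set(help_keywords(restricted_help))
    return {"missing": sorted(set(wanted) - seen),
            "unexpected": sorted(seen - set(wanted))}

if __name__ == "__main__":
    wanted = help_keywords(FULL_HELP)
    print("\n".join(privilege_lines(wanted)))
    print(audit(wanted, LEVEL0_HELP))
```

The "unexpected" list is the part worth reviewing after any privilege change: it names commands the restricted account can reach that were never meant to be granted.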