RE: user's priviledge

From: Jonathan V Hays (jhays@jtan.com)
Date: Mon May 26 2003 - 18:54:34 GMT-3


Not true.

The "privilege" command can manipulate user privileges to a limited
extent without the aaa. Below is a working example.

The basic commands are enabled at all levels:
  <1-99>   Session number to resume
  disable  Turn off privileged commands
  enable   Turn on privileged commands
  exit     Exit from the EXEC
  help     Description of the interactive help system
  logout   Exit from the EXEC
 

= = = = =
hostname r5
!
username dog privilege 0 password 0 doghouse
!
privilege exec level 1 show
privilege exec level 0 exit
privilege exec level 0 sh int
privilege exec level 0 sh run
!
line vty 0 4
 login local
!

r6#
r6#telnet 137.20.64.5
Trying 137.20.64.5 ... Open

User Access Verification

Username: dog
Password:
r5>?
Exec commands:
  <1-99>   Session number to resume
  disable  Turn off privileged commands
  enable   Turn on privileged commands
  exit     Exit from the EXEC
  help     Description of the interactive help system
  logout   Exit from the EXEC
  show     Show running system information

r5>show ?
  flash:          display information about flash: file system
  interfaces      Interface status and configuration
  running-config  Current operating configuration
  sscop           SSCOP

r5>

Sometimes IOS allows a few more commands than expected, as above (flash:
and sscop).

Hope that helps.

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Roberts, Larry
> Sent: Monday, May 26, 2003 12:57 PM
> To: 'Tom Young'; ccielab@groupstudy.com
> Subject: RE: user's priviledge
>
>
> You need to use the AAA authorization command, else the router doesn't
> look to see what you can and can't do.
>
>
> Thanks
>
> Larry
>
> -----Original Message-----
> From: Tom Young [mailto:gitsyoung@yahoo.co.jp]
> Sent: Monday, May 26, 2003 10:04 AM
> To: ccielab@groupstudy.com
> Subject: user's priviledge
>
>
> Hi, group
>
> I want to control a user's privilege so that it could only
> do some basic commands like ping. I set the user as
>
> user cisco password cisco
> user cisco priviledge 0
> line vty 0 4
> login local
>
> But after I log in with the user cisco, I could still do
> anything other than ping. Why?
>
> Thanks a lot

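Added example (not part of the original message or the archive): a small Python audit of the r5 configuration quoted above. It lists which reassigned commands each local user can reach and flags type 0 passwords and a reachable "show running-config". The function names, and the default level of 1 for a user with no explicit privilege keyword, are assumptions of this example.

```python
import re

# Constructed sample: the r5 configuration quoted in the message above.
SAMPLE_CONFIG = """\
hostname r5
!
username dog privilege 0 password 0 doghouse
!
privilege exec level 1 show
privilege exec level 0 exit
privilege exec level 0 sh int
privilege exec level 0 sh run
!
line vty 0 4
 login local
!
"""

USER_RE = re.compile(
    r"^username (\S+)(?: privilege (\d+))?(?: (?:password|secret) (\d+) \S+)?")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")

def abbreviates(cmd, full):
    """True if each word of cmd is a prefix of the matching word of full."""
    a, b = cmd.split(), full.split()
    return len(a) == len(b) and all(y.startswith(x) for x, y in zip(a, b))

def audit(config):
    users, moved, findings = {}, [], []
    for line in config.splitlines():
        if m := USER_RE.match(line):
            # Assumption: no "privilege" keyword means level 1.
            name, level, ptype = m.group(1), int(m.group(2) or 1), m.group(3)
            users[name] = level
            if ptype == "0":
                findings.append(f"{name}: type 0 (cleartext) password in config")
        elif m := PRIV_RE.match(line):
            moved.append((m.group(1), int(m.group(2)), m.group(3).strip()))
    # A user reaches every reassigned command at or below their own level.
    reach = {u: [c for _, lvl, c in moved if lvl <= ulvl]
             for u, ulvl in users.items()}
    for mode, lvl, cmd in moved:
        if mode == "exec" and lvl < 15 and abbreviates(cmd, "show running-config"):
            findings.append(f"show running-config reachable at level {lvl}")
    return reach, findings

if __name__ == "__main__":
    reach, findings = audit(SAMPLE_CONFIG)
    print(reach)
    print(*findings, sep="\n")
```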


This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:48 GMT-3