[tac_plus] Re: How can I deny/permit ?
Alexander Czutka
aczutka at brocade.com
Fri Jan 30 20:27:24 UTC 2009
Hello Nathan,
it doesn´t work.
user = user2 {
# member = group2
# debug = REGEX
login = cleartext "user2"
enable = cleartext "user2"
cmd = show {
permit ip
deny "ip ospf"
}
# END
Regards,
Alexander
________________________________
Von: nschrenk at gmail.com [mailto:nschrenk at gmail.com] Im Auftrag von Nathan Schrenk
Gesendet: Freitag, 30. Januar 2009 21:14
An: Alexander Czutka
Cc: tac_plus at shrubbery.net
Betreff: Re: [tac_plus] How can I deny/permit ?
On 1/30/09, Alexander Czutka <aczutka at brocade.com> wrote:
Hello,
I´m trying to setup an authorization for a user.
The user should be allowed to do a:
- Show ip
- show ip route
But he shouldn´t execute the commands, which starts with:
- Show ip ospf
- Show ip pim
I tried this, but it didn´t work:
cmd = show {
permit ip
deny ip ospf
}
root at ubuntu-fdry:/# tac_plus -C /etc/tac_plus.conf
Error: expecting '}' but found 'ospf' on line 40
root at ubuntu-fdry:/#
Is this possible ?
Try putting quotes around the tokens:
cmd = show {
permit ip
deny "ip ospf"
}
Nathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20090130/57a99efa/attachment.html
More information about the tac_plus
mailing list