How to limit the access of users to shell Exec in CSACS v5.1

Salvation;

I'm giving a user access to a single user on a switch (show interfaces) mode command.  I want to him refuse to enter Exec mode altogether.  The switch is configured as:

AAA authorization exec default group Ganymede + authenticated if
AAA authorization commands 1 default group Ganymede + authenticated if

In the v5.1 release CSACS profile of the user's shell has a default privilege of 1 and a maximum privilege to 1.  His set of the command show license interfaces and I explicitly refuse to see the (without arguments) and activate (without arguments).  In user mode, everything works well; the user can run only display Interfaces.  But he is able to enter can get in Exec mode and when in exec mode, he can enter any command exec-level (but user-level commands are still limited).

I thought just set its maximum 1 privilege would have worked.  Can anyone help?

Thank you!  Glenn

Glenn,

You must put this command

AAA authorization commands 15 default group Ganymede + authenticated if

Another router does not check permission of GBA. Orders that we issue in enable mode are priv 15, that's why we need this command.

Kind regards

~ JG

Note the useful messages!

Tags: Cisco Security

Similar Questions

  • How to block internet access to users on the local computer. The machine is sub domain control.

    How to block internet access to users on the local computer and the machine is in sub domain control.

    Hello

    Thanks for posting your query in Microsoft Community.

    Your question is beyond the scope of what is generally answered in this forum of consumer and would be better suited for the IT Pro TechNet public.

    Please post your question in the TechNet Forums.

  • How to limit the number of connection to DB

    Hello

    I just go to the topic of connection pooling.
    Here, I would like to understand the number of details of connections that already exists in the database.

    Kindly guide me to know the following details.

    How to know the number of connections available in the database?
    How to limit the number of connections?

    V_$ Resource_Limit contains details of the sessions. Is this even for connections?

    I have more clarification on the difference of connections and Sessions.

    Kindly tell me the above.

    Thank you
    Orahar.

    Orahar wrote:
    Hello

    I just go to the topic of connection pooling.
    Here, I would like to understand the number of details of connections that already exists in the database.

    Kindly guide me to know the following details.

    How to know the number of connections available in the database?

    The number of currently active sessions (db, internal sessions registered)

    SELECT COUNT (*)
    SESSION $ v

    How to limit the number of connections?

    to increase or decrease the maximum number of connections:

    for example: change processes control system = 200 scope = spfile;

    >

    V_$ Resource_Limit contains details of the sessions. Is this even for connections?

    I have more clarification on the difference of connections and Sessions.

    Connection means a user process is successfully connected to the listener to have a session on the database running instance. (listener who listen s new connection requests)
    Establish sessions: means, a (dedicated) server process began to serve a user process. It is done when the credentials of the user authenticated successfully. Now, from process-user shall communicate to the server process directly.

    hope that helps.

    Kind regards
    X.

  • How to limit the length of the EditText control?

    All,

    How to limit the length of an EditText to accept ONLY 3 characters.

    The editText.characters property defines a size by default, but the user can always type more than 3 characters in the field.

    I got it!!!

    var win = new Window("dialog", "Limit 3");
var txtLimit3 = win.add("edittext");
txtLimit3.characters = 5;

txtLimit3.onChanging = function (){
          howmany = txtLimit3.text;
          if (howmany.length > 3){
                    txtLimit3.text = "";
                    txtLimit3.textselection = howmany.slice(0,3)
                    }
          }

txtLimit3.active = true;
win.show();

  • How to disconnect the access code from my iPad 2

    How to disconnect the access code from my iPad 2

    What do you mean by "disconnect"? If you mean stop using an access code then settings > password (enter your current password) > disable password

  • How to limit the length of the texts on iOS9?

    Hello

    I just worked on why I am required by my mobile / cell phone provider EA.  They charge any text as a picture message / SMS, it is longer than 120 characters?  Does anyone know how to limit the length of the texts / SMS so that it is impossible to send a more 120 characters or create an alert so that you are aware of the number of characters in the text / sms?

    Thank you very much

    Hello Turnus123,

    Thank you for using communities of Apple Support.

    I see that you will have to pay for SMS more than 120 characters.  To help identify messages exceeds this amount, you can activate a number of characters in the message settings.  Simply go to settings > Messages and activate "number of characters".

    Message settings

    Take care.

  • I have a new time capsule airport. How to limit the search for who can use the time capsule backup process?

    I have a new time capsule airport. How to limit the search for who can use the time capsule backup process?

    Set a password to disk... disk tab in the utility... and just give to those you want to use the TC...

  • How to limit the media sharing on my computer

    Original title: multimedia file sharing...

    How to limit the sharing on my computer, IE multimedia: music, images and other files from other computers on the network or cell phones that are capable of DLNA?

    Hello

     
    Please check the links given and see if they help.

  • How to limit the email receipt/downloaded size?

    I need information on how to limit the size of an email received or downloaded in Windows Mail to reduce the cost of the enamel of satellite data. Want to just send and receive, especially to receive emails with no graphics and keep it small.

    Simply set up for this purpose a message rule: tools, Message rules, mail, new...
     
    Gary van, Microsoft MVP (Mail)
    ------------------------------------------------------

    "moosehuntingguy" wrote in the new message: * e-mail address is removed from the privacy... *
    I need information on how to limit the size of an email received or downloaded in Windows Mail to reduce the cost of the enamel of satellite data. Want to just send and receive, especially to receive emails with no graphics and keep it small.

    Gary van, MVP (Mail)

  • How to change the type of user account in the registry editor

    Hello.

    Can someone tell me how to change the type of user account in the registry editor

    Thanks in advance... :-)

    Kind regards
    Rambeau

    Hello.

    Can someone tell me how to change the type of user account in the registry editor

    Thanks in advance... :-)

    Kind regards
    Rambeau

    You can not. You need to do this via the control panel / accounts of users or via the command prompt. In both cases, you need to be logged in as an administrator account.

  • How to limit the number of printers can be installed on this computer by using Group Policy?

    How to limit the number of printers can be installed on this computer by using Group Policy?

    Hello

    Thanks for asking! If I understand correctly, you should limit the printers installed on the computer by using Group Policy. I suggest you follow the troubleshooting steps to check if this may help.

    The question you have posted is related to Technet and would be better suited to the Technet community. Please visit the link below to find a community that will provide the best support.
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • How to find the number of users connected to the database of the level operating system (Linux)

    Hi all

    Could someone knows how to find the number of users connected to the database without connection with sql * more

    y at - it a command to find?

    example, we have 10 databases in a server, how to find the number of users connected to the special data base without connecting to database(v$session)?

    the Oracle version:-10g, 11g
    Operating system:-OEL4, OEL5, AIX, Solaris

    any help will be appreciated.

    Thanks in advance.

    Thank you.

    Kind regards
    Rajesh.

    but you can say total number of connection with the above given the command? It would also be useful to know.

    See you soon,.
    LKM

  • If I don't get creative cloud, how will limit the use of photoshop touch?

    If I don't get creative cloud, how will limit the use of photoshop touch?

    I don't think it will limit your work with PS Touch, but could enahnce it a little.

    Just try to free membership of 2 GB and find out:

    https://creative.Adobe.com/plans

    Thank you!

  • I can limit the access of the user to install after the program of programs?

    I have several users, each with their own LogIn on my XP Machine.  I have installed several programs and made available to all users.  Now, it turns out that it will be easier to make available some programs [for example Nokia PC Suite] to a single user.  Is it possible, now that the programs are already installed, to make them available only to one user?  Or do I need to uninstall programs and do a fresh install, then making them available to only a single user?

    If other programs are similar to your Nokia, I feel that what you really want to do is not limit their use but simply remove startup User Menus. No doubt Nokia program starts automatically for everyone and you don't want that.

    Right-click on the Start button and choose 'explore all users '. This will open the familiar Explorer of two components. Move the shortcut of Nokia on the folder all users and only in your own start Start Menu folder. If you do not see the other programs listed in the folder all users, open these programs while connected to each user account and set the Windows startup options of the program itself.

    If you need more information and/or I guessed wrong on what you want to do, please provide more details about what programs are involved, etc. MS - MVP - Elephant Boy computers - don't panic!

  • GANYMEDE +: how to limit the output of "show?" for a user?

    Hello

    On my server GANYMEDE +, I would like to configure a user so that when they do a "show?" command, it will list only the commands that they are allowed to do, instead of the entire list. I searched everywhere and couldn't find any info on this. Anyone know if this is possible? If so, how do you go?

    Thank you

    neocec

    privilege set up route ip level 5
    privilege exec level 5 set up

    AAA new-model
    !
    !
    AAA authentication login t-authentic group Ganymede + local
    AAA authentication login no.-authentic no
    authorization AAA console
    AAA authorization exec t-author group Ganymede +.
    AAA authorization exec no author no
    AAA authorization commands 5 t-author group Ganymede +.
    AAA authorization commands 15 t-author group Ganymede +.

    ACS config:

    shell command authorization set

    Give the name

    Add the show on the left column and add the show commands that you want to allow on the right column

    Go to the advanced user Ganymede priv MAx for any customer settings the value 5

    Under settings Ganymede, check the Shell (exec)

    privilege level 5

    Affect the shell command authorization set

Maybe you are looking for