Re: privilege level 1, get more options than i want

From: Gregory Gombas (ggombas@gmail.com)
Date: Tue Oct 16 2007 - 11:03:13 ART


I find it strange that privilege 1 has access to the reload
command...what happens when you try to execute a reload?

Also what happens when you type:
conf t
int loop 0

Perhaps it shows the interfaces but doesn't let you configure them?

On 10/15/07, Alex Steer <alex.steer@eison.co.uk> wrote:
> I'm doing a lab where I have been asked to configure a user that only
> has access to shut no shut on a specific interface. Some of the
> following has been put in automatically (I assume because I didn't
> configure the "privilege interface level 1 no" command) I have tried
> adding
>
> priv configure all level 15 interface
> priv configure level 1 interface serial 0/0
>
> but doesn't work
>
> privilege interface level 1 shutdown
> privilege interface level 1 no shutdown
> privilege interface level 1 no
> privilege configure all level 15 interface range
> privilege configure all level 1 interface
> privilege exec level 1 configure terminal
> privilege exec level 1 configure
> privilege exec all level 2 show
>
> anyway, when I login as the username test priv 1 I get loads of
> commands...
>
> ...
> ppp         Start IETF Point-to-Point Protocol (PPP)
> pwd         Display current working directory
> reload      Halt and perform a cold restart
> rename      Rename a file
> restart     Restart Connection
> resume      Resume an active network connection
> rlogin      Open an rlogin connection
> rsh         Execute a remote command
> sdlc        Send SDLC test frames
> send        Send a message to other tty lines
> setup       Run the SETUP command facility
> show        Show running system information
> slip        Start Serial-line IP (SLIP)
> squeeze     Squeeze a filesystem
> start-chat  Start a chat-script on a line
> systat      Display information about terminal lines
> tarp        TARP (Target ID Resolution Protocol) commands
> tclquit     Quit Tool Command Language shell
> tclsh       Tool Command Language shell
> telnet      Open a telnet connection
> terminal    Set terminal line parameters
> test        Test subsystems, memory, and interfaces
> tn3270      Open a tn3270 connection
> etc etc etc...
>
> when I conf t I don't get many commands
>
> Router(config)>?
> Configure commands:
> call       Configure Call parameters
> default    Set a command to its defaults
> dss        Configure dss parameters
> end        Exit from configure mode
> exit       Exit from configure mode
> help       Description of the interactive help system
> interface  Select an interface to configure
> no         Negate a command or set its defaults
>
> when I issue an "interface" command I get
>
> Router4(config)>interface ?
> Async              Async interface
> BVI                Bridge-Group Virtual Interface
> CTunnel            CTunnel interface
> Dialer             Dialer interface
> Ethernet           IEEE 802.3
> Group-Async        Async Group interface
> Loopback           Loopback interface
> MFR                Multilink Frame Relay bundle interface
> Multilink          Multilink-group interface
> Null               Null interface
> Serial             Serial
> TokenRing          IEEE 802.5
> Tunnel             Tunnel interface
> Vif                PGM Multicast Host interface
> Virtual-Template   Virtual Template interface
> Virtual-TokenRing  Virtual TokenRing
> range              interface range command
>
> I only want to give access to serial0/0
>
> Anybody suggest what rubbish I have produced please?
>
> Thanks
>
> Alex



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:15 ART