Updating Local-User Database; Restricting User Access To A Specified Root Directory; Configuring An Sftp Root Directory; Associating An Sftp Root Directory With A Local User - Cisco ASR 5500 Administration Manual

ASR 5500 System Administration Guide, StarOS Release 19

System Settings

Updating Local-User Database

Update the local-user (administrative) configuration by running the following Exec mode command. This
command should be run immediately after creating, removing or editing administrative users.
update local-user database

Restricting User Access to a Specified Root Directory

By default, an admin user who has FTP/SFTP access can access and modify any files under the /mnt/user/
directory. Access is granted on an "all-or-nothing" basis to the following directories: /flash, /cdrom, /hd-raid,
/records, /usb1 and /usb2.
An administrator or configuration administrator can create a list of SFTP subsystems with a file directory and
access privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's
authorization level is not security admin or admin, the user can only access the subsystem with read-only
privilege. The subsystem's directory is used as the user's root directory. The information is set as environment variables
passed to the OpenSSH sftp-server.
You must create the SFTP root directory before associating it with local users, administrators and config
administrators. You can create multiple SFTP directories; each directory can be assigned to one or more users.

Configuring an SFTP root Directory

The subsystem sftp command allows the assignment of an SFTP root directory and associated access privilege
level.
configure
context local
server sshd
subsystem sftp [ name sftp_name root-dir pathname mode { read-only | readwrite } ]
Notes:
• sftp_name is an alphanumeric string that uniquely identifies this subsystem.
• pathname specifies the root directory to which SFTP files can be transferred. Options include:
◦ /hd-raid/records/cdr
◦ /flash

Associating an SFTP root Directory with a Local User

The local-user username command allows an administrator to associate an SFTP root directory with a
specified username.
configure
local-user username user_name authorization-level level ftp sftp-server sftp_name password password
exit
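
An added example, not part of the Cisco guide: a small offline audit that reads configuration text and reports, for each FTP/SFTP-enabled local user, the SFTP root directory and effective mode that the rules above imply. The sample configuration, the function name sftp_access, and the authorization-level keywords (operator, administrator, security-admin) are assumptions made for illustration.

```python
import re

# Line patterns follow the command syntax shown on this page (assumption:
# a saved configuration spells the commands the same way).
SUBSYS = re.compile(r"^\s*subsystem sftp name (\S+) root-dir (\S+) mode (read-only|readwrite)\s*$")
USER = re.compile(r"^\s*local-user username (\S+) authorization-level (\S+)(.*)$")
# Assumed keyword spellings for the "security admin" and "admin" levels.
FULL_PRIV = {"security-admin", "administrator"}

# Constructed sample input, not taken from a real system.
SAMPLE_CONFIG = """\
configure
context local
server sshd
subsystem sftp name cdrpull root-dir /hd-raid/records/cdr mode readwrite
local-user username billing authorization-level operator ftp sftp-server cdrpull password EXAMPLE
local-user username opsadmin authorization-level security-admin ftp sftp-server cdrpull password EXAMPLE
local-user username legacy authorization-level administrator ftp password EXAMPLE
local-user username typo authorization-level operator ftp sftp-server cdrpul password EXAMPLE
"""


def sftp_access(config_text):
    """Map each FTP/SFTP-enabled local user to (root_dir, mode, finding)."""
    subsystems, users = {}, []
    for line in config_text.splitlines():
        if m := SUBSYS.match(line):
            subsystems[m.group(1)] = (m.group(2), m.group(3))
        elif m := USER.match(line):
            tokens = m.group(3).split()
            if "ftp" in tokens:
                has_ref = "sftp-server" in tokens[:-1]
                ref = tokens[tokens.index("sftp-server") + 1] if has_ref else None
                users.append((m.group(1), m.group(2), ref))
    report = {}
    for name, level, ref in users:  # resolved after the scan, so line order does not matter
        if ref is None:
            report[name] = ("/mnt/user/", None, "no sftp-server assigned: default access")
        elif ref not in subsystems:
            report[name] = (None, None, f"sftp-server {ref} is not defined")
        else:
            root, mode = subsystems[ref]
            if level not in FULL_PRIV:
                mode = "read-only"  # lower levels get read-only regardless of subsystem mode
            report[name] = (root, mode, "ok")
    return report


if __name__ == "__main__":
    for user, row in sftp_access(SAMPLE_CONFIG).items():
        print(user, row)
```

Users reported with a root of /mnt/user/ or with an undefined subsystem are the ones to review first, since they are not confined to a specific SFTP root directory.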
