Restricting User Access To A Specified Root Directory - Cisco ASR 5000 Series Administration Manual
Staros release 21.4
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Installation manual (317 pages) ,
- Administration manual (234 pages)
Table of Contents
Advertisement
Restricting User Access to a Specified Root Directory
Figure 6: LI Context Configurations
In Release 21.4 and higher (Trusted builds only):
• Users can only access the system through their respective context interface.
• If the user attempts to log in to their respective context through a different context interface, that user
• Irrespective of whether the users are configured in any context with 'authorized-keys' or 'allowusers',
• Users configured in any non-local context are required to specify which context they are trying to log
Restricting User Access to a Specified Root Directory
By default an admin user who has FTP/SFTP access can access and modify any files under the /mnt/user/
directory. Access is granted on an "all-or-nothing" basis to the following directories: /flash, /cdrom, /hd-raid,
/records, /usb1 and /usb2.
An administrator or configuration administrator can create a list of SFTP subsystems with a file directory and
access privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's
authorization level is not security admin or admin, the user can only access the subsystem with read-only
privilege. This directory is used as the user's root directory. The information is set as environmental variables
passed to the openssh sftp-server.
You must create the SFTP root directory before associating it with local users, administrators and config
administrators. You can create multiple SFTP directories; each directory can be assigned to one or more users.
ASR 5500 System Administration Guide, StarOS Release 21.4
58
re-configured any other type of LI context system. Refer to the Lawful Intercept Configuration Guide
before attempting to create a Dedicated-LI context.
will be rejected.
with this feature these users will be rejected if they attempt to log in via any other context interface other
than their own context interface.
in to. For example:
ssh username@ctx_name@ctx_ip_addrs
System Settings
Advertisement
Table of Contents
Troubleshooting
