Support / Knowledge Base / Assigning a remote user to a specific shell on the CM and Passport.

Assigning a remote user to a specific shell on the CM and Passport.

A remote user is defined as a user that is authenticated remotely (radius, tacacs, etc).  This shows how to assign a specific shell to a remote user via the CLI of the CM and Passport. 

There are 1 of these 4 shells you can use:

--/bin/csm.master = Port access menu (vts.master on the CM)
--/bin/editconf = configmenu
--/bin/bash = CLI
--/bin/menu = Custom menu


The shell program will be set according to the following rules:

* If there is no 'radmin' local user, shell program will be the program of 'admin' user (configmenu by default).
* If there is an 'radmin' local user but the user ID is not equal to 499, shell program will be the program of 'admin' user.
* If there is an 'radmin' local user and the user ID is equal to 499, shell program will be the program of the 'radmin' user.

Example:


If you want to specify a shell program of a remote authenticated user, you need to add an 'radmin' user with UID 499 and GID 500 in the /etc/passwd and /etc/shadow files as follows:

/etc/passwd

root:x:0:0:root:/root:/bin/bash
admin:x:500:500::/tmp:/bin/editconf
nobody:x:99:100::/tmp:/bin/bash
radmin:x:499:500::/tmp:/bin/vts.master


/etc/shadow

root:$1$iKIP1Gfp$aMynJNMiRHkP/uXdACfFc/:13503:0:99999:7:::
admin:$1$EmO/EYfQ$HoAKW0CM/rqIEa/CDjM4i0:13503:0:99999:7:::
nobody:!:12205:0:99999:7:::
radmin:!:12205:0:99999:7:::

saveconf
applyconf


If there is an 'radmin' user with UID 499, you cannot add, remove or edit this user through the WEB UI.

Whichever shell you specify in /etc/passwd for radmin is what all your remote users will get once authenticated.

 


 
Last updated: Aug 08, 2017

Recently Viewed Articles

No recently viewed articles
Contact a Digi expert and get started today! Contact Us