Cisco Cisco Packet Data Gateway (PDG)
System Changes in Release 17
System and Platform Enhancements for Release 17.0 ▀
Release Change Reference, StarOS Release 17 ▄
623
System and Platform Enhancements for Release 17.0
This section identifies all of the system and platform enhancements included in this release:
Feature Changes – new or modified features or behavior changes. For details, refer to the System Administration Guide
for this release.
for this release.
Command Changes – changes to any of the CLI command syntax. For details, refer to the Command Line Interface
Reference for this release.
Reference for this release.
Performance Indicator Changes – new, modified, and deprecated bulk statistics, disconnect reasons, counters and/or
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
CSCtr45924 - root privileges for ftp-user, no restriction to specific ftp-directory
Applicable Products: All
Feature Changes
Restrict User Access to a Specified Root Directory
Previous Behavior: An admin user who has ftp/sftp access can access/modify any files under the /mnt/user/ directory.
Access is granted on an “all-or-nothing” basis to the following directories: /flash, /cdrom, /hd-raid, /records, /usb1 and
/usb2
Access is granted on an “all-or-nothing” basis to the following directories: /flash, /cdrom, /hd-raid, /records, /usb1 and
/usb2
New Behavior: If a customer has a user who needs read-only access to one of these directories or sub-directories, that
user can now be assigned with a root directory with read-only or read-write privilege.
user can now be assigned with a root directory with read-only or read-write privilege.
An administrator or configuration administrator can create a list of SFTP subsystems with a file directory and access
privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's authorization level is
not security admin or admin, the user can only access the subsystem with read-only privilege. This directory is used as
the user's root directory. The information is set as environmental variables passed to the openssh sftp-server.
privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's authorization level is
not security admin or admin, the user can only access the subsystem with read-only privilege. This directory is used as
the user's root directory. The information is set as environmental variables passed to the openssh sftp-server.
Command Changes
subsystem sftp
This command has been modified to allow the assignment of an SFTP root directory and associated access privilege
level.
level.
configure
context local
server sshd
subsystem sftp [ name sftp_name root-dir pathname mode { read-only | readwrite
} ]
} ]
Notes: