Cisco Cisco Packet Data Interworking Function (PDIF)
System Settings
Configuring System Administrative Users ▀
ASR 5500 System Administration Guide, StarOS Release 18 ▄
63
Username: SAUser
Auth Level: secadmin
Last Login: Never
Login Failures: 0
Password Expired: Yes
Locked: No
Suspended: No
Lockout on Pw Aging: Yes
Lockout on Login Fail: Yes
Auth Level: secadmin
Last Login: Never
Login Failures: 0
Password Expired: Yes
Locked: No
Suspended: No
Lockout on Pw Aging: Yes
Lockout on Login Fail: Yes
Updating Local User Database
Update the local user (administrative) configuration by running the following Exec mode command. This command
should be run immediately after creating, removing or editing administrative users.
should be run immediately after creating, removing or editing administrative users.
update local-user database
Restricting User Access to a Specified Root Directory
By default an admin user who has FTP/SFTP access can access and modify any files under the /mnt/user/ directory.
Access is granted on an “all-or-nothing” basis to the following directories: /flash, /cdrom, /hd-raid, /records, /usb1 and
/usb2
Access is granted on an “all-or-nothing” basis to the following directories: /flash, /cdrom, /hd-raid, /records, /usb1 and
/usb2
An administrator or configuration administrator can create a list of SFTP subsystems with a file directory and access
privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's authorization level is
not security admin or admin, the user can only access the subsystem with read-only privilege. This directory is used as
the user's root directory. The information is set as environmental variables passed to the openssh sftp-server.
privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's authorization level is
not security admin or admin, the user can only access the subsystem with read-only privilege. This directory is used as
the user's root directory. The information is set as environmental variables passed to the openssh sftp-server.
You must create the SFTP root directory before associating it with local users, administrators and config administrators.
You can create multiple SFTP directories; each directory can be assigned to one or more users.
You can create multiple SFTP directories; each directory can be assigned to one or more users.
Configuring an SFTP root Directory
The subsystem sftp command allows the assignment of an SFTP root directory and associated access privilege level.
configure
context local
server sshd
subsystem sftp [ name sftp_name root-dir pathname mode { read-only |
readwrite } ]
readwrite } ]
Notes:
sftp_name is an alphanumeric string that uniquely identifies this subsystem.
pathname specifies the root directory to which SFTP files can be transferred. Options include:
/hd-raid/records/cdr
/flash