
Question about the read-only cmdPolicy


Ross Helfand

Hello,

I found a strange issue. We have a couple of old NSMPXs running NS10.5, and we have some newer VPXs running NS13.0.

On both platforms, we have created a read-only user that we use for some reporting/automation. If I log in to either platform as our read-only user and run 'show ns runningConfig' at the CLI, I get:

ERROR: Not authorized to execute this command

Which is what I expect, based on the command policy regex which allows 'show' but not 'show ns runningConfig':

> show system cmdPolicy read-only
Command policy: read-only       Action: ALLOW
cmdspec: (^man.*)|(^show\s+(?!system)(?!configstatus)(?!ns ns\.conf)(?!ns savedconfig)(?!ns runningConfig)(?!gslb runningConfig)(?!audit messages)(?!techsupport).*)|(^stat.*)
 

What is confusing me is that if I curl or browse to https://HOST/nitro/v1/config/runningconfig on the NSMPX, it returns the config. But on the VPX I get "not authorized."

I realize I can create a new command policy or alter this one; it's just bugging me that I can't figure out why it works on MPX/10.5.

Thanks!
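
Added example, not part of the original post and not Citrix code: a small audit harness that evaluates the cmdspec quoted above against CLI command strings, so an altered or replacement command policy can be checked before it is bound to a user. It assumes Python's `re` behaves like the appliance's regex engine for this pattern and that commands are matched as typed; the helper names and test commands are constructed for illustration, and it covers CLI command strings only, not how NITRO requests are authorized.

```python
import re

# cmdspec copied verbatim from the 'show system cmdPolicy read-only' output in the post.
READ_ONLY_CMDSPEC = (
    r"(^man.*)|(^show\s+(?!system)(?!configstatus)(?!ns ns\.conf)"
    r"(?!ns savedconfig)(?!ns runningConfig)(?!gslb runningConfig)"
    r"(?!audit messages)(?!techsupport).*)|(^stat.*)"
)


def is_allowed(cmdspec, command):
    """True if the command line matches the cmdspec of an 'Action: ALLOW' policy."""
    return re.match(cmdspec, command) is not None


def excluded_show_targets(cmdspec):
    """List the targets carved out by the negative lookaheads, with regex escapes removed."""
    targets = re.findall(r"\(\?!([^)]*)\)", cmdspec)
    return [re.sub(r"\\(.)", r"\1", t) for t in targets]


def audit(cmdspec, must_allow, must_deny):
    """Return (command, expected, actual) for every command the policy decides wrongly."""
    cases = [(c, True) for c in must_allow] + [(c, False) for c in must_deny]
    return [(c, want, is_allowed(cmdspec, c)) for c, want in cases
            if is_allowed(cmdspec, c) != want]


# Constructed test matrix: commands a read-only reporting account needs, and
# commands it must not run (every excluded 'show' target plus two write commands).
MUST_ALLOW = ["show lb vserver", "show ns ip", "stat lb vserver", "man show"]
MUST_DENY = ["show " + t for t in excluded_show_targets(READ_ONLY_CMDSPEC)] + [
    "add lb vserver v1 HTTP 10.0.0.1 80",
    "save ns config",
]

if __name__ == "__main__":
    for cmd in MUST_ALLOW + MUST_DENY:
        verdict = "ALLOW" if is_allowed(READ_ONLY_CMDSPEC, cmd) else "DENY"
        print(f"{verdict:5}  {cmd}")
    print("mismatches:", audit(READ_ONLY_CMDSPEC, MUST_ALLOW, MUST_DENY))
```
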
