Jump to content
Welcome to our new Citrix community!

how to i enable shell access for non-admin users on the Netscaler

Jonathan Magnus

Recommended Posts

While you can create a command policy that Allows the users to execute "shell" from the CLI instead of the usual restrictions, once you grant them shell access you have no way to restrict where in the file system they can go or shell commands they can execute. They can view more then syslog, nslog directories as there is no command pattern filters for shell level commands.


Here's two other forum posts (one's linked in the others) on a variety of command policies to grant access:  https://discussions.citrix.com/topic/414820-citrix-adc-read-only-on-configuration-but-be-able-to-generate-and-download-trace-and-support-bundle/


But granting access to shell is risky because you can't restrict what else the user can do once they get to shell.


There isn't a non-root shell access for this context.

You can have them view logs through the GUI or external syslog reporting.

But once they have shell access, they can do upgrades, reboots, view and copy config files etc.


Link to comment
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...