On Fri, Apr 08, 2011 at 04:27:44PM +0200, Jan-Pieter Cornet wrote:
-----BEGIN PGP SIGNED MESSAGE----- Actually, if you give an account just the capabilities
"login-ssh,cli-options", then that account will ONLY be able to run the 'options' command (which will list all current option settings), and it will not be able to change any options.
That was what I tried first, but it doesn't seem to work.
# ssh testfiler useradmin user list monitor Name: monitor Info: Rid: 131075 Groups: Monitors Full Name: Allowed Capabilities: login-ssh,cli-options Password min/max age in days: 0/4294967295 Status: enabled
# ssh monitor@testfiler options autologout.telnet.timeout monitor@testfiler's password: autologout.telnet.timeout 60 # ssh monitor@testfiler options autologout.telnet.timeout 30 monitor@testfiler's password: # ssh monitor@testfiler options autologout.telnet.timeout monitor@testfiler's password: autologout.telnet.timeout 30
So with just those two privs, it can change settings.
Likewise with the SDK, you can enable specific functions, in your case api-options-list-info and possibly api-options-get.
Hmm. I didn't realize the different privs available there. Even though I have DFM and will probably use it for this task, I'm very interested in knowing how the SDK could enable this to happen.
Thanks!
-
A Darren Dunham