I was about to say "We use TAC+", but since that's not what you're after... Your best bet would be parser views to do this. It'll give you the best control at the user level, without messing around with privilege levels. They're a bit of a PITA to set up, though.
https://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

-----Original Message-----
From: Rancid-discuss [mailto:[email protected]] On Behalf Of Dan Mahoney (Gushi)
Sent: Wednesday, November 21, 2018 1:14 PM
To: [email protected]
Subject: [rancid] IOS topic: How to create a read-only user?

Hey there,

I log in to my cisco devices with SSH keys, but I don't think that matters for the purposes of this.

I'd like to create a "rancid" user for my (cisco, primarily IOS classic) devices which has full privileges to do things like "show run", but that has no ability to change the configs.

I know this is possible to do as part of Tacplus, but as I only have three or four devices, spinning up tacplus seems more complicated than need be. (This is why I mentioned ssh, just in case -- all my users have local privilege levels in the config).

I'm sure this has been asked before, but my google-fu is failing me here.

Bonus points if you know this for things like IOS-XR/XE or Junos.

--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------

_______________________________________________
Rancid-discuss mailing list
[email protected]
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
