Hi,
I have a question on the mask parameter in the vacm view access when it
is included and excluded. I am not sure whether my earlier email went out.
Sorry if this is a duplicate.
I apologize for the lengthy email.
The man page for snmpvacm says:
MASK A bit mask indicating which sub-identifiers of the associated sub-
tree OID should be regarded as significant.
As an example, the following is given:
snmpvacm localhost createSec2Group 3 wes ROGroup
snmpvacm localhost createView sysView system fe
snmpvacm localhost createAccess ROGroup 3 0 1 sysView none none
This creates a new security group named "ROGroup" containing the
(pre-
existing) user "wes", a new view "sysView" containing just the
OID tree
based on .iso(1).org(3).dod(6).inet(1).
mgmt(2).mib-2(1).system(1) , and
then allows those users in the group "ROGroup" (i.e. "wes")
read-access,
but not write-access to the view "sysView" (i.e. the system group).
This is an easy example as it does not have zero bits inside the mask.
I would like to know how would the following mask combinations work? I
tested it with net-snmp.5.5 on a host running redhat linux and the results
are not what I expected.
*Here is my setup:*
rouser wes noauth enterprises
createUser wes
group wes_grp usm wes
access wes_grp "" any auth exact wes_v none none
Only the view was changed in each instance and snmpd restarted and the view
was tested.
============================================================
*mibsubtree | include/exclude | mask | Results of
snmpwalk*
============================================================
1.3.6.1.4.1.8072 | include | nomask | (From
nsModuleName to nsVacmStatus)
view wes_v included 1.3.6.1.4.1.8072
1.3.6.1.4.1.8072 | include | FF | ditto
view wes_v included 1.3.6.1.4.1.8072 FF
1.3.6.1.4.1.8072 | include | F0 | ditto
view wes_v included 1.3.6.1.4.1.8072 F0
1.3.6.1.4.1.8072 | include | 84 | ditto
view wes_v included 1.3.6.1.4.1.8072 84
1.3.6.1.4.1.8072 | include | 40 | ditto
view wes_v included 1.3.6.1.4.1.8072 40
1.3.6.1.4.1.8072 | include | 10 | ditto
view wes_v included 1.3.6.1.4.1.8072 10
1.3.6.1.4.1.8072 | include | FF |
1.3.6.1.4.1.8072 | exclude | 44 | ditto
view wes_v included 1.3.6.1.4.1.8072 FF
view wes_v excluded 1.3.6.1.4.1.8072 44
============================================================
I would appreciate it if someone could explain the results. It would be very
helpful if someone could point to an article that explains the mask and how
it works.
Thanks in advance,
Fatima
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
