RE: How to create a VACM view that blocks particular rows in a table

Tue, 04 Sep 2012 01:42:02 -0700 

 
Hi Dave
 
The default users have been added to snmpusm table for V3 user creation/cloning 
which is internal to the SNMP Agent. But anyone who has rw/ro access to the 
Snmpusm table will be able to view these internal users  starting with 
“defaultXXXX” as well. We want that when any operator accesses SNMPUSM table, 
he should be able to view users that are created ( for example deepti1 in the 
below case) but not the internal users/default users ( starting with 
“defaultXXXXX”). In VACM terms, this implies creating a view where particular 
rows belonging to a table can be accessed while some can be blocked. We want a 
sample VACM configuration for the same.
 
 
Regards
Suresh
 

> Date: Tue, 4 Sep 2012 08:25:29 +0100
> Subject: Re: How to block read-write access to the default v3 users only
> From: d.t.shi...@liverpool.ac.uk
> To: skjaiswa...@hotmail.com
> CC: net-snmp-users@lists.sourceforge.net
> 
> On 4 September 2012 08:15, Suresh kumar <skjaiswa...@hotmail.com> wrote:
> > We have added around 2 default users in the snmp persist file to enable v3
> > user creation/cloning through snmpusm utility.....
> 
> > What VACM configuration should go into snmpd.conf to block
> > read-write access to the default users ONLY?
> 
> That's looking at things the wrong way.
> You don't need any VACM configuration settings to block access.
> You need VACM configuration settings to *grant* access.
> 
> 
> > The user for example “deepti1” should be
> > accessible but not the users starting with “defaultXXXXXXX”.
> 
> So use either
> rouser deepti1
> or
> rwuser deepti1
> 
> (depending on whether this user should have read-only vs read-write)
> 
> If there's no similar r{o,w}user line that refers to the defaultXXXX
> users (or an equivalent 'group' setting), then they won't have any access.
> 
> Dave
                                          
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to