Hi Dave
The default users have been added to snmpusm table for V3 user creation/cloning
which is internal to the SNMP Agent. But anyone who has rw/ro access to the
Snmpusm table will be able to view these internal users starting with
“defaultXXXX” as well. We want that when any operator accesses SNMPUSM table,
he should be able to view users that are created ( for example deepti1 in the
below case) but not the internal users/default users ( starting with
“defaultXXXXX”). In VACM terms, this implies creating a view where particular
rows belonging to a table can be accessed while some can be blocked. We want a
sample VACM configuration for the same.
Regards
Suresh
> Date: Tue, 4 Sep 2012 08:25:29 +0100
> Subject: Re: How to block read-write access to the default v3 users only
> From: d.t.shi...@liverpool.ac.uk
> To: skjaiswa...@hotmail.com
> CC: net-snmp-users@lists.sourceforge.net
>
> On 4 September 2012 08:15, Suresh kumar <skjaiswa...@hotmail.com> wrote:
> > We have added around 2 default users in the snmp persist file to enable v3
> > user creation/cloning through snmpusm utility.....
>
> > What VACM configuration should go into snmpd.conf to block
> > read-write access to the default users ONLY?
>
> That's looking at things the wrong way.
> You don't need any VACM configuration settings to block access.
> You need VACM configuration settings to *grant* access.
>
>
> > The user for example “deepti1” should be
> > accessible but not the users starting with “defaultXXXXXXX”.
>
> So use either
> rouser deepti1
> or
> rwuser deepti1
>
> (depending on whether this user should have read-only vs read-write)
>
> If there's no similar r{o,w}user line that refers to the defaultXXXX
> users (or an equivalent 'group' setting), then they won't have any access.
>
> Dave
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users