Restrict executable commands for an account

Question

Hi all, 
&nbsp;  
&nbsp; i have an script on a server, which must only enable/disable poolmembers of a specific pool. The user (which the script use) on the LTM should have no more rights than for this task. Is there an easy solution for this problem? 
&nbsp; If the user has operator-rights, he can read all objects in the partition. I can restrict the ssh-account with a tool like authprogs.pl, but IMHO its not a good solution... 
&nbsp;  
&nbsp; regards

the_bhattman · Answer

Have you looked at the samples section specifically iControls section 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iControl.CodeShare 
&nbsp;  
&nbsp; There might be scripts you can alter to suit your needs. 
&nbsp;  
&nbsp; CB 
&nbsp;  &nbsp;

stefan98_85555 · Answer

No, i found no script that helps to solve my problem. I think it is a problem with the configuration. Maybe there is a possibility to restrict the rights of a to the required actions.  
&nbsp;  
&nbsp; regards &nbsp;

the_bhattman · Answer

What version of LTM are you running?   
&nbsp;  
&nbsp; CB &nbsp;

stefan98_85555 · Answer

BIG-IP 9.4.5 Build 1086.1 Hotfix HF2

the_bhattman · Answer

Couldn't you create your objects in a separate partision and then assign a username to that partition? 
&nbsp;  &nbsp;

Forum Discussion

Restrict executable commands for an account

Recent Discussions

SNI Sites not taking correct certificate.

How to Renew F5 Device Certificate

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Office 365 Tenant Restrictions

WAF evasion techniques for Command Injection

ImageTragick - ImageMagick Remote Code Execution Vulnerability

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Power of tmsh commands using Ansible

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS