Forum Discussion

Surya_Kant_Pasa's avatar
Surya_Kant_Pasa
Icon for Altostratus rankAltostratus
Feb 10, 2022

Downloading config files using guest user

Hi Team,

Due to certain constarins we are able to get just "guest user" access to F5, We want to do the following:

1. Copy config files to the shared location,
    API: POST:https://xx.xx.xx.xx/mgmt/tm/util/bash/
    Payload : {"command": "run","utilCmdArgs": "-c \"cp /config/monitors/builtins/gtm_base_monitors.conf /shared/images/gtm_base_monitors.conf\""}
    Issue : Hence the guest user don't have previlage to access "/mgmt/tm/util/bash/" API, the files are not copied to shared location.

2. Download copied files:
API: GET:https://xx.xx.xx.xx/mgmt/cm/autodeploy/software-image-downloads/gtm_base_monitors.conf
Issue: This API is also not accessible for guest users and getting below exception,
"java.lang.SecurityException: Authorization failed"

Wanted to understand how this can be acheived with " Guest User" Access.

 

 

 

application delivery
File Access through Guest User

2 Replies

Sort By
  • JoshBecigneul's avatar
    JoshBecigneul
    Icon for MVP rankMVP
    Feb 10, 2022

    Hi Surya_Kant_Pasa ,

    I think this is not possible with only the guest role. Is this something that you would need to do periodically? It might be possible to use a cron task on the device and generate the file you want, then email it to some mail box as described here: https://community.f5.com/t5/technical-forum/steps-to-configure-cron-jobs-to-execute-commands-f5-big-ip-ltm/td-p/240992 

    If you only need it one time then you would likely either have to increase the role for your account, or ask someone with the appropriate access to obtain the file for you.

    Best Regards,
    Josh Becigneul

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin
      Feb 11, 2022

       Surya_Kant_Pasa  Josh is correct, this is not possible without an admin role. What some companies have done is use BIG-IQ or build an intermediary application where those that need details can request something with limited scope, and that app, with proper permissions, can retrieve the details.