cancel
Showing results for 
Search instead for 
Did you mean: 

Downloading config files using guest user

Surya_Kant_Pasa
Altostratus
Altostratus

Hi Team,

Due to certain constarins we are able to get just "guest user" access to F5, We want to do the following:

1. Copy config files to the shared location,
    API: POST:https://xx.xx.xx.xx/mgmt/tm/util/bash/
    Payload : {"command": "run","utilCmdArgs": "-c \"cp /config/monitors/builtins/gtm_base_monitors.conf /shared/images/gtm_base_monitors.conf\""}
    Issue : Hence the guest user don't have previlage to access "/mgmt/tm/util/bash/" API, the files are not copied to shared location.

2. Download copied files:
API: GET:https://xx.xx.xx.xx/mgmt/cm/autodeploy/software-image-downloads/gtm_base_monitors.conf
Issue: This API is also not accessible for guest users and getting below exception,
"java.lang.SecurityException: Authorization failed"

Wanted to understand how this can be acheived with " Guest User" Access.

 

 

 

2 REPLIES 2

Hi @Surya_Kant_Pasa ,

I think this is not possible with only the guest role. Is this something that you would need to do periodically? It might be possible to use a cron task on the device and generate the file you want, then email it to some mail box as described here: https://community.f5.com/t5/technical-forum/steps-to-configure-cron-jobs-to-execute-commands-f5-big-... 

If you only need it one time then you would likely either have to increase the role for your account, or ask someone with the appropriate access to obtain the file for you.

Best Regards,
Josh Becigneul

 @Surya_Kant_Pasa  Josh is correct, this is not possible without an admin role. What some companies have done is use BIG-IQ or build an intermediary application where those that need details can request something with limited scope, and that app, with proper permissions, can retrieve the details.