re-configured any other type of LI context system. Refer to the Lawful Intercept Configuration Guide
before attempting to create a Dedicated-LI context.
Figure 6: LI Context Configurations
In Release 21.4 and higher (Trusted builds only):
•
Users can only access the system through their respective context interface.
•
If the user attempts to log in to their respective context through a different context interface, that user
will be rejected.
•
Irrespective of whether the users are configured in any context with 'authorized-keys' or 'allowusers',
with this feature these users will be rejected if they attempt to log in via any other context interface other
than their own context interface.
•
Users configured in any non-local context are required to specify which context they are trying to log
in to. For example:
ssh username@ctx_name@ctx_ip_addrs
Restricting User Access to a Specified Root Directory
By default an admin user who has FTP/SFTP access can access and modify any files under the /mnt/user/
directory. Access is granted on an "all-or-nothing" basis to the following directories: /flash, /cdrom, /hd-raid,
/records, /usb1 and /usb2.
An administrator or configuration administrator can create a list of SFTP subsystems with a file directory and
access privilege. When a local user is created, the administrator assigns an SFTP subsystem. If the user's
authorization level is not security admin or admin, the user can only access the subsystem with read-only
privilege. This directory is used as the user's root directory. The information is set as environmental variables
passed to the openssh sftp-server.
You must create the SFTP root directory before associating it with local users, administrators and config
administrators. You can create multiple SFTP directories; each directory can be assigned to one or more users.
ASR 5500 System Administration Guide, StarOS Release 21.4
58
System Settings
Restricting User Access to a Specified Root Directory
To Next Page
Loading...
Need help?
General
