set permissions
Purpose
Used to set user permissions associated with various services and command-line interface (CLI) commands, or display current permission settings.
Use of this command varies according to the user model implemented in the Digi device. For Digi products with one or two users, this command does not apply. It does apply to Digi products with two or more users. To determine the user model implemented in your Digi product, see User Models and User Permissions in Digi devices for more information.
Use of command options also depends on the features implemented in Digi devices. For example, s‑ethernet is only supported in wired devices.
Some permissions keywords set for multiple commands, for example, the s-ppp permission keyword.
Permission descriptions
User permissions and their effects on commands are as follows.
|
Permission keyword |
Affect on command execution |
|
The command cannot be executed. |
|
|
The command can be executed. |
|
|
The user can execute the display portions for both commands if the user is logged in on the specified line. |
|
|
The user can execute the display portions for both commands for any line. |
|
|
The user can execute the display and set portions for both commands for any line. |
|
|
The user can execute the display and set portions for both commands if the user is logged in on the specified line. |
|
|
The user can execute the display portions for both commands for any line and the set portions for both commands if the user is logged in on the specified line. |
Commands without permissions
There are no permissions associated with the following commands:
- close
- exit
- help
- quit
Permissions for the “revert” command
For the revert command, the permissions associated with the various set commands are used, except for the revert all command variant, which uses a different mechanism that bypasses the individual set commands.
Permissions for the “show” commands
For the show command to display current device settings, the various set commands that configure the settings displayed by a “show” command must be set to either read or r-self, depending on the available permissions for the commands. “show smscell and show vpn have their own permissions, as stated in their command descriptions. See show smscell and show vpn.
Required permissions
For Digi products with two or more users, to use this command, permissions must be set to one of the following:
- For a user to display the permissions settings for the line on which they are logged in: set permissions s-permissions=r-self.
- For a user to display the permissions settings for any line: set permissions s‑permissions=read.
- For a user to display and set the permissions settings for the line on which they are logged in: set permissions s-permissions=rw-self.
- For a user to display the permissions settings for any line, and “set group” settings for the line on which the user is logged in: set permissions s‑permissions=w-self-r.
- For a user to display and set the permissions settings on any line: set permissions s-permissions=rw. When permissions are set to set permissions s‑permissions=rw, a user cannot set another user’s permission level higher than their own level, and they cannot raise their own permission level.
Syntax
Set permissions
set permissions [type={user|group}]
[{id=1-32|name={user name|group name}]
[backup={none|execute}]
[boot={none|execute}]
[buffers={none|r-self|read|rw-self|w-self-r|rw}]
[connect={none|execute}]
[dhcpserver={none|execute}]
[display={none|execute}]
[filesys={none|read|rw}]
[find-me={none|execute}]
[fw-update={none|execute}]
[iridium={none|execute}]
[kill={none|execute}]
[newpass={none|rw-self|rw}]
[orbcomm={none|execute}]
[ping={none|execute}]
[python-cmd={none|execute}]
[python-files={none|read|rw}]
[reconnect={none|execute}]
[revert-all={none|execute}]
[rlogin={none|execute}]
[s-accesscontrol={none|read|rw}]
[s-alarm={none|read|rw}]
[s-autoconnect={none|r-self|read|rw-self|w-self-r|rw}]
[s-bridge={none|read|rw}]
[s-camera={none|read|rw}]
[s-cert={none|read|rw}]
[s-dcloud-sms{none|read|rw}]
[s-ddnsupdater=={none|read|rw}]
[s-devicesecurity={none|read|rw}
[s-dhcpserver={none|read|rw}]
[s-dialserv={none|read|rw}]
[s-dnsproxy={none|read|rw}]
[s-ekahau={none|read|rw}]
[s-ethernet={none|read|rw}]
[s-gpio={none|read|rw}]
[s-gps-geofence={none|read|rw}]
[s-gps-static-position={none|read|rw}]
[s-group={none|r-self|read|rw-self|w-self-r|rw}]
[s-host={none|read|rw}]
[s-hostlist={none|read|rw}]
[s-ia={none|read|rw}]
[s-login={none|read|rw}]
[s-mesh={none|read|rw}]
[s-mgmtconnection={none|read|rw}]
[s-mgmtglobal={none|read|rw}]
[s-mgmtnetwork={none|read|rw}]
[s-net-failover={none|read|rw}]
[s-network={none|read|rw}]
[s-orbcomm={none|read|rw}]
[s-permissions={none|r-self|read|rw-self|w-self-r|rw}]
[s-pmodem={none|r-self|read|rw-self|w-self-r|rw}]
[s-ppp={none|read|rw}]
[s-profile={none|r-self|read|rw-self|w-self-r|rw}]
[s-python={none|read|rw}]
[s-rciserial={none|r-self|read|rw-self|w-self-r|rw}]
[s-router={none|read|rw}]
[s-rtc={none|read|rw}]
[s-rtstoggle={none|r-self|read|rw-self|w-self-r|rw}]
[s-scan-cloak={none|read|rw}]
[s-serial={none|r-self|read|rw-self|w-self-r|rw}]
[s-service={none|read|rw}]
[s-sharing={none|read|rw}]
[s-sms-cellular={none|read|rw}]
[s-snmp={none|read|rw}]
[s-socket-tunnel={none|read|rw}]
[s-system={none|read|rw}]
[s-tcpserial={none|r-self|read|rw-self|w-self-r|rw}]
[s-term={none|read|rw}]
[s-time-source={none|read|rw}]
[s-trace={none|read|rw}]
[s-udpserial={none|r-self|read|rw-self|w-self-r|rw}]
[s-user={none|r-self|read|rw-self|w-self-r|rw}]
[s-vpn={none|read|rw}]
[s-vrrp={none|read|rw}]
[s-wimax={none|read|rw}]
[s-wlan={none|read|rw}]
[status={none|read|rw}]
[telnet={none|execute}]
[vpn={none|execute}]
[webui={none|execute}
[who={none|execute}]
Display current permission settings
set permissions
Options
type={user|group}
Specifies whether the command applies to users or groups. This option defaults to user.
{id=1-32|name={user name|group name}}
Identifies the user or group for which permissions are set.
id=1-32
The ID or the range of IDs of the users or groups to be acted on. If omitted, the “name” option must be specified.
name={user name|group name}
The name of the user or group to be acted on. If omitted, the id option must be specified.
Permissions for the backup command. See backup .
Permissions for the boot command. See boot.
buffers={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the display buffers and set buffer commands. See display buffers and set buffer.
Permissions for the connect command. See connect.
Permissions for the dhcpserver command. See dhcpserver.
Sets permissions for:
- All the display commands. One permission setting applies to all display command variants.
- flashdrv. See flashdrv.
- info ia. See info ia.
- info icmp. See info icmp.
info ip. See info ip.
- info iridium. See info iridium.
- info orbcomm. See info orbcomm.
- info serial. See info serial.
- info tcp. See info tcp.
- info time. See info time.
- info udp. See info udp.
- info wlan. See info wlan.
- info xbee. See info xbee.
Permissions for user access to the Digi device’s file system.
none
The user cannot access the file system.
read
The user can read the file system.
rw
The user can read and write the file system.
Permissions for the findme command. See findme.
Permissions” for Digi device firmware update, performed either by the boot load=tftp_host:file command and through the web interface Administration > Update Firmware page. This permission covers updating of both EOS and POST firmware files.
Permissions for the iridium command.See iridium.
Permissions for the kill command. See kill.
Permissions for the newpass command. See "newpass" on page 140.
none
The command cannot be executed.
rw-self
The user can set their own password.
rw
The user can set any user’s password.
Permissions for the orbcomm command. See orbcomm.
Permissions for the ping command. See ping.
Controls the user’s ability to directly run Python programs via the python command. See python. This permission is different from the one for executing Python programs via auto-start, which is configured by the set python command, and permissions controlled by the s‑python permission.
Controls access to Python programs in the Python directory for the Digi device.
Note This option does not control access to Python programs by a user accessing the Digi device through Remote Manager. Instead, this keyword allows for visibility to the Python programs.
none
The user has no visibility of or access to the Python directory for the Digi device.
read
The user can view files in the Python directory for the Digi device.
rw
The user can view, add, or remove files in the Python directory for the Digi device.
Permissions for the reconnect command. See reconnect.
Permissions for the revert all command. See revert.
Individual revert commands are governed by the permissions for that particular command, but revert all uses a different mechanism that bypasses the individual commands.
Permissions for the rlogin command. See rlogin.
s-accesscontrol={none|read|rw}
Permissions for the set accesscontrol command. See set accesscontrol.
Permissions for the set alarm command. See set alarm.
s-autoconnect={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set autoconnect command. See set autoconnect.
Permissions for the set passthrough command. See set passthrough.
Permissions for the set camera command. See set camera.
s-cert={none|read|rw}
Permissions for the certmgmt command. See certmgmt.
Permissions for the set dcloud_msgservice command. See set dcloud_msgservice.
s-ddnsupdater={none|read|rw}
Permissions for the set ddns command. See set ddns.
s-devicesecurity={no ne|read|rw}
Permissions for the set devicesecurity command. See set devicesecurity.
Permissions for the set dhcpserver command. See set dhcpserver.
Permissions for the set dialserv command. See set dialserv.
s-dnsproxy={none|read|rw
Permissions for the set dnsproxy command. See set dnsproxy.
Permissions for the set ekahau command. See set ekahau.
Permissions for the set ethernet command. See set ethernet.
Permissions for the set gpio command. See set gpio.
s-gps-geofence={none|read|rw}]
Permissions for the set geofence command. See set geofence.
s-gps-static-position={none|read|rw}]
Permissions for the “set position” command. See set position.
s-group={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set group command. See set group.
Permissions for the set host command. See set host.
s-hostlist={none|read|rw}
Permissions for the set hostlist command. See set hostlist.
Permissions for the set ia command. See set ia.
Permissions for the set login command. See set login.
s-mesh={none|read|rw}
Permissions for these commands
s-mgmtconnection={none|read|rw}
Permissions for the set mgmtconnection command. See set mgmtconnection.
Permissions for the set mgmtglobal command. See set mgmtglobal.
Permissions for the set mgmtnetwork command. See set mgmtnetwork .
Permissions for the set failover command. See set failover.
Permissions for these commands:
- set dirp. See set dirp.
- set network. See set network.
- set realport. See set realport.
s-orbcomm={none|read|rw}
Permissions for the set orbcomm command. See set orbcomm.
s-permissions={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set permissions command itself.
s-pmodem={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set pmodem command. See set pmodem.
Permissions for these commands:
- mobile_update. See mobile_update.
- provision. See provision.
- set mobile. See set mobile.
- set mobileppp. See set mobileppp.
- set ppp. See set ppp.
- set surelink. See set surelink.
s-profile={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set profile” command. See set profile.
Permissions for executing the set python command. See set python.
To set permissions for executing Python programs via the python command, use the python-cmd permission.To control user visibility to the Python directory on the Digi device, use the python-files permission.
Permissions for the set rciserial command. See set rciserial.
s-realport-usb={none|read|rw}
Permissions for these commands:
- set realport. See set realport.
- set dirp. See and set dirp.
Permissions for these commands
- set forwarding. See set forwarding.
- set nat.” See set nat.
s-rtc={none|read|rw}
Permissions for the set time command. See set time.
s-rtstoggle={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set rtstoggle command. See set rtstoggle.
Permissions for the set scancloak command. See set scancloak.
s-serial={none|r-self|read|rw-self|w-self-r|rw}
Permissions for these commands:
- set serial. See set serial.
- set switches. See set switches.
Permissions for the set service command. See set service.
s-sharing={none|read|rw}
Permissions for these commands that control the port sharing feature:
- revert sharing. See revert.
- set sharing. See set sharing.
- show sharing. See show.
s-sms-cellular={none|read|rw}
Permissions for all commands associated with Short Message Service (SMS) support, including:
- set smscell. See set smscell.
- show smscell. See show smscell.
- smscell. See smscell.
Permissions for the set snmp command. See set snmp.
s-socket-tunnel={none|read|rw}
Permissions for the set socket_tunnel command. See set socket_tunnel.
Permissions for the set system command. See set system.
s-tcpserial={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set tcpserial command. See set tcpserial.
Permissions for the set term command. See set term.
s-time-source={none|read|rw}
Permissions for these commands:
- set clocksource. See "set clocksource" on page 190.
- set time. See set time.
- set timemgmt. See set timemgmt.
s-trace={none|read|rw}
Permissions for the set trace command. See set trace.
s-udpserial={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set udpserial command. See set udpserial.
s-user={none|r-self|read|rw-self|w-self-r|rw}
Permissions for the set user command. See set user.
Permissions for the set vpn command. See set vpn.
Permissions for the set vrrp command. See set vrrp.
Permissions for the set wlan command. See set wlan.
Permissions for the status command. See status.
Permissions for these commands
Permissions for the vpn command. See vpn.
Permissions for access to the web interface for a Digi device.
none
The user cannot use the web interface.
execute
The user can access the web interface.
Permissions for the who command. See who.
Examples
Set user permissions
For user 1 defined in a Digi device, this command sets permissions for the newpass, set user, and set group commands to read-write:
#> set permissions id=1 newpass=rw s-user=rw s-group=rw
Set group permissions
For user group gurus, this command sets permissions for two commands: the newpass command is set to the rw-self permission and set user to the read permission.
#> set permissions type=group name=gurus newpass=rw-self s‑user=read
See also
- User Models and User Permissions in Digi devices
- revert: The revert auth command reverts the settings configured by set permissions.
- set user
- set group
- show: The show permissions command shows the current permissions settings in a Digi device.
PDF
