Hi ,
I am trying to understand the privilege command on a PIX 6.3(5) . What i need is to create a user that can only do
-sh run
-sh log
-clear log
According to PIX doc;
"When users log in to the PIX Firewall, they can enter any command assigned to their privilege level or to lower privilege levels. For example, a user account with a privilege level of 15 can access every command because this is the highest privilege level. A user account with a privilege level of 0 can only access the commands assigned to level 0. "
So i did the following;
1-Create a user with privilege 5 username user5 password pass5 privilege 52-Modify privilege level of the mentionned command from 15 to 5 privilege show level 5 command running-config privilege show level 5 mode configure command logging privilege clear level 5 mode configure command logging
Now when i log in the PIX with this user
Username:user5 Password:********
I can still go in configuration mode and modify the config , i still have access to privilege 15 commands
Can anyone tell me what i am missing ?
thanks