JuniperSRX------------用户管理

这篇开始就是详细分块的笔记，我所有的博客，并不是教程，而是给自己看的笔记，所以并不是从零开始就能直接看懂的，有问题可以留言讨论。

--------------------------Juniper SRX 用户管理---------------------------

Juniper的命令，其实是比较形象的，英文稍微好一点，基本都能看懂

1、添加用户

root# set system login user ?                  
Possible completions:
  <user-name>          User name (login)

2、用户组设置

root# set system login user XXX class ?
Possible completions:
  <class>              Login class
  operator             permissions [ clear network reset trace view ]        //用于故障定位，但是看不了配置，也不能编辑
  read-only            permissions [ view ]            //只读   就是只能看看状态
  super-user           permissions [ all ]              //完全权限
  unauthorized         permissions [ none ]         //为radius做模板，没有任何权限，权限在radius里添加

根据不同用途给用户设置组

3、用户UID设置

root# set system login user XXX class read-only uid ?

Possible completions:
  <uid>                User identifier (uid) (100..64000)

4、root密码设置

初始话的时候，root的密码为空，必须设置一个root密码才能提交配置.

root# set system root-authentication plain-text-password         交互明文输入

或者

root# set system root-authentication encrypted-password ?     非交互密文输入
Possible completions:
  <encrypted-password>  Encrypted password string

例：root# set system root-authentication encrypted-password "xxxxxxxxxxdddddddddde"

双引号里就是一个MD5加密的值

这里不明白的看看之前一篇博客

5、给用户设置密码

root# set system login user XXX authentication plain-text-password

或者

root# set system login user XXX authentication encrypted-password "xxxxx"

6、自定义用户级别组

root# set system login class test ?
Possible completions:
  access-end           End time for remote access (hh:mm)
  access-start         Start time for remote access (hh:mm)
  allow-commands       Regular expression for commands to allow explicitly
  allow-configuration  Regular expression for configure to allow explicitly
+ allow-configuration-regexps  Object path regular expressions to allow
+ allowed-days         Day(s) of week when access is allowed.
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  deny-commands        Regular expression for commands to deny explicitly
  deny-configuration   Regular expression for configure to deny explicitly
+ deny-configuration-regexps  Object path regular expressions to deny
  idle-timeout         Maximum idle time before logout (minutes)
  login-alarms         Display system alarms when logging in
  login-script         Execute this login-script when logging in
  login-tip            Display tip when logging in
+ permissions          Set of permitted operation categories
  security-role        Common Criteria security role

可以自定义一个组，里面茫茫多的选项。。。。。。自己看看吧，反正我这里网络、服务器、桌面端、DBA就我一个人。。。。。。。。

7、查看当前用户权限

root> show cli authorization

好了  这篇就到这里