An admin user can escalate their privileges to obtain root access.
The following are guidelines for escalating privileges:
- An admin privilege user (network-admin / vdc-admin) is the equivalent of a Linux root privilege user in NX-OS.
- Only an authenticated admin user can escalate privileges to root, and a password is not required for an authenticated admin privilege user.
- Bash must be enabled before escalating privileges.
- SSH to the switch using the root username through a non-management interface will default to Linux Bash shell-type access for the root user. Type vsh to return to NX-OS shell access.
NX-OS network administrator users must escalate to root to pass configuration commands to the NX-OS VSH if:
Run sudo su 'vsh -c "<configuration commands>"' or sudo bash -c 'vsh -c "<configuration commands>"'.
The following example demonstrates network administrator user MyUser, with a default shell type of Bash, using sudo to pass configuration commands to the NX-OS:
ssh -l MyUser 1.2.3.4
-bash-4.2$ sudo vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interface eth1/2 brief"
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/2 -- eth routed down Administratively down auto(D) --
The following example demonstrates network administrator user MyUser, with a default shell type of Bash, entering the NX-OS and then running Bash on the NX-OS:
ssh -l MyUser 1.2.3.4
-bash-4.2$ vsh -h
Cisco NX-OS Software
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
Nexus 9000v software ("Nexus 9000v Software") and related documentation,
files or other reference materials ("Documentation") are
the proprietary property and confidential information of Cisco
Systems, Inc. ("Cisco") and are protected, without limitation,
pursuant to United States and International copyright and trademark
laws in the applicable jurisdiction which provide civil and criminal
penalties for copying or distribution without Cisco's authorization.
Any use or disclosure, in whole or in part, of the Nexus 9000v Software
or Documentation to any third party for any purposes is expressly
prohibited except as otherwise authorized by Cisco in writing.
The copyrights to certain works contained herein are owned by other
third parties and are used and distributed under license. Some parts
of this software may be covered under the GNU Public License or the
GNU Lesser General Public License. A copy of each such license is
available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
***************************************************************************
* Nexus 9000v is strictly limited to use for evaluation, demonstration *
* and NX-OS education. Any use or disclosure, in whole or in part of *
* the Nexus 9000v Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
***************************************************************************
switch# run bash
bash-4.2$ vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interface eth1/2 brief"
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/2 -- eth routed down Administratively down auto(D) --
Note: Do not use sudo su - or the system hangs.
The following example shows how to escalate privileges to root and how to verify the escalation:
switch# run bash
bash-4.2$ sudo su root
bash-4.2# whoami
root
bash-4.2# exit
exit
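
A defender-side check of the guidelines above, as an added example (not Cisco's code): it reads a saved running-config and reports which accounts hold a root-equivalent role and whether Bash is enabled, the two conditions under which root is reachable without a further password. The sample configuration is constructed, and the function name and the assumption that `feature bash-shell`, `username ... role ...` and `username ... shelltype bash` appear in these line shapes are mine.

```python
import re

# Roles the guidelines treat as equivalent to Linux root.
ROOT_EQUIVALENT_ROLES = {"network-admin", "vdc-admin"}

# Constructed sample, not output captured from a real switch.
SAMPLE_CONFIG = """\
feature bash-shell
username admin password 5 <hash-placeholder> role network-admin
username MyUser password 5 <hash-placeholder> role network-admin
username MyUser shelltype bash
username ops password 5 <hash-placeholder> role network-operator
username vdcuser password 5 <hash-placeholder> role vdc-admin
"""

def audit_root_paths(config_text):
    """Return (bash_enabled, findings) for root-equivalent accounts."""
    bash_enabled = False
    roles = {}          # user -> set of role names
    bash_login = set()  # users whose login shell is Bash
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "feature bash-shell":   # "no feature ..." does not match
            bash_enabled = True
            continue
        m = re.match(r"username\s+(\S+)\s+(.*)", line)
        if not m:
            continue
        user, rest = m.groups()
        roles.setdefault(user, set()).update(re.findall(r"\brole\s+(\S+)", rest))
        if re.search(r"\bshelltype\s+bash\b", rest):
            bash_login.add(user)
    findings = []
    for user in sorted(roles):
        admin_roles = roles[user] & ROOT_EQUIVALENT_ROLES
        if admin_roles:
            findings.append({
                "user": user,
                "roles": sorted(admin_roles),
                # Admin role + Bash enabled: root with no extra password.
                "root_reachable": bash_enabled,
                # True when the account lands in Bash directly at login.
                "lands_in_bash": user in bash_login,
            })
    return bash_enabled, findings

if __name__ == "__main__":
    enabled, rows = audit_root_paths(SAMPLE_CONFIG)
    print("bash enabled:", enabled)
    for row in rows:
        print(row)
```

Accounts flagged with `root_reachable` are the ones whose credentials warrant the same protection and session logging as root itself.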