Changing the User Privilege Level for an Event Policy Action
Only superusers can configure event policies. Event policy actions—such as executing event scripts, uploading files, and executing operational mode commands—are by default executed by user root, because the event process (eventd) runs with root privileges.
In some cases, you might want an event policy action to be executed with restricted privileges. For example, suppose you configure an event policy that executes a script if an interface goes down. The script includes remote procedure calls (RPCs) to change the device configuration if certain conditions are present. If you do not want the script to change the configuration, you can execute the script with a restricted user profile. When the script is executed with a user profile that disallows configuration changes, the RPCs to change the configuration fail.
You can associate a user with each action in an event policy. If a user is not associated with an event policy action, then the action is executed as user root by default.
To specify the user under whose privileges an action is executed, include the user-name statement:
You can include this statement at the following hierarchy levels:
- [edit event-options policy policy-name then event-script filename]
- [edit event-options policy policy-name then execute-commands]
- [edit event-options policy policy-name then upload filename (filename | committed) destination destination-name]
Note: The username that you specify must be configured at the [edit system login] hierarchy level. For more information, see the Junos OS Administration Library for Routing Devices.
For a configuration example, see Example: Associating an Optional User with an Event Policy Action.
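The following sketch is an added illustration, not taken from the Juniper documentation or the example referenced above. It shows a restricted login class, a user in that class, and an event policy whose actions run as that user instead of root. The names event-readonly, evt-restricted, if-down-check, and check-interface.slax are hypothetical, and the permission set is an assumption chosen to disallow configuration changes.

```junos
system {
    login {
        /* Hypothetical class: read-only, no configure permission */
        class event-readonly {
            permissions [ view view-configuration ];
        }
        /* Hypothetical user; must exist here before an event policy can reference it */
        user evt-restricted {
            class event-readonly;
        }
    }
}
event-options {
    policy if-down-check {
        events SNMP_TRAP_LINK_DOWN;
        then {
            /* Without user-name, this script would run as root */
            event-script check-interface.slax {
                user-name evt-restricted;
            }
            /* Each action carries its own user-name; it is not inherited */
            execute-commands {
                commands {
                    "show interfaces terse";
                }
                user-name evt-restricted;
            }
        }
    }
    event-script {
        file check-interface.slax;
    }
}
```

With this in place, any RPC in the script that attempts to change the configuration fails because the evt-restricted profile disallows configuration changes. Any action left without a user-name statement still executes as root.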