Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
executing tac-pac/ show tech-support with network operator role is requesing password on 10.2.1 NXOS
privilege 1 by default for network operator role.
do not execute tac-pac/ show tech-support with network operator role. In 9.3(x), "Only the network administrator can escalate privileges to the root. As per the new security measures, a network operator (priv-1 user) is not allowed to collect show tech. Therefore, the enable command does not help to escalate the privileges." https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/security/configuration/guide/b-cisco-nexus-9000-nx-os-security-configuration-guide-93x/b-cisco-nexus-9000-nx-os-security-configuration-guide-93x_chapter_0101.html
When executing tac-pac/ show tech-support with network operator role switch should respond as "Permission Denied" and should not throw errors or password at user. UI should prevent a network-operator from trying to run the command because allowing them to try results in a terrible customer experience. show user-account stxxxxx user: stxxxxx roles:network-operator account created through REMOTE authentication Credentials such as ssh server key will be cached temporarily only for this user account Local login not possible Show tech brief will take 4-6 minutes to complete. Please Wait ... Collecting show-tech from vdc 1 at Tue Jan 18 16:02:17 2022 /bin/mkdir: cannot create directory '/bootflash/tech-support-dir': Permission denied We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Password: mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied mv: cannot create regular file '/bootflash/tech-support-dir': Permission denied