Xen provision/script. not enough permissions

Hello!

I’m trying to automate provisioning of CHR running on VDS (host based on xcp-ng XEN).
From the documentation https://wiki.mikrotik.com/wiki/Manual:CHR#Xen I realized that I can use xenstore to pass some script to the virtual machine via path (‘vm-data/provision/script’).
I tried to pass this simple script to change the default admin password

user/set admin password=SuperDuperPass

and got the error “not enough permissions (9)”.

I can’t find any information on how to overcome this error or get permissions for this “provisioning” scenario.

Any ideas?

Hi,

From the MikroTik RouterOS documentation (https://help.mikrotik.com/docs/display/ROS/User):

Config Policies:

reboot - policy that allows rebooting the router
read - policy that grants read access to the router’s configuration. All console commands that do not alter router’s configuration are allowed. Doesn’t affect FTP
write - policy that grants write access to the router’s configuration, except for user management. This policy does not allow to read the configuration, so make sure to enable read policy as well
policy - policy that grants user management rights. Should be used together with the write policy. Allows also to see global variables created by other users (requires also ‘test’ policy).
test - policy that grants rights to run ping, traceroute, bandwidth-test, wireless scan, snooper, fetch, email and other test commands
sensitive - grants rights to change “hide sensitive” option, if this policy is disabled sensitive information is not displayed.
sniff - policy that grants rights to use packet sniffer tool.

So, you should set: write, policy for your script

@miku, thank you.
I know that for “stored” scripts I can put some privileges, but! as you can see from my post I do not store this script, I’m passing it via xenstore.
So the virtual machine gets and runs it on the fly without storing it on the HDD.
That is the problem.
I do not know from which user it starts and how to change privileges for it.

@splastunov,
Unfortunately I don’t know xenstore. Maybe you’ll find something in the logs after all. Failed script execution should be in the log.

Nothing in the logs, and no information in the documentation on how the “start up” script works.

Because of that I’m asking here…

Any ideas from @mikrotik team?

up up

This forum is a user-to-user channel. If you want a direct-to-MikroTik support channel, it’s here.

Did you open a ticket and get or otherwise figure out a workaround for this?

I’m trying this on Proxmox, but it’s the same problem - I can’t replace the blank admin user password via the guest agent socket at the moment.