Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

%Error opening nvram:/startup-config (Permission denied)

I'm getting an odd error, permission denied trying to issue "show config" at user level.  We use this throughout the environment with no issues.

IOS: System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T.bin"

R1#sh run | i aaa

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 15 default stop-only group tacacs+

aaa session-id common

R1#sh run | i priv

privilege exec level 1 traceroute

privilege exec level 1 ping

privilege exec level 1 show logging

privilege exec level 1 show configuration

privilege exec level 1 show privilege

privilege exec level 1 show

R1#disable

R1>show config

Using 11855 out of 262136 bytes

%Error opening nvram:/startup-config (Permission denied)

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

%Error opening nvram:/startup-config (Permission denied)

You are indeed allowed to run the command (as evidenced by the fact that the command did run).

show config is effectively an alias for the command more nvram:startup-config

As a result, the issue is the permission on the file, not the command itself.

Unfortunately, the file systems do not explicitly support permissions.  This used to be implicitly supported through permissions on show config.

Perhaps this is a bug.  I'd open a case on this if you need really need this feature.

Silver

%Error opening nvram:/startup-config (Permission denied)

Hello,

I have been facing the same issue and have opened a case. Please find the answer I get from the TAC :

==============================================

This is intended by design as a security measure. Starting in newer releases of IOS, the privilege level for file system access has to be configured separately. There are two options to overcome this:

1) Run the command from the enable prompt.

2) Set the file system privilege level via the config command "file privilege 1".

==============================================

Hope that helps.

Best regards.

Karim

5 REPLIES
Cisco Employee

%Error opening nvram:/startup-config (Permission denied)

You are indeed allowed to run the command (as evidenced by the fact that the command did run).

show config is effectively an alias for the command more nvram:startup-config

As a result, the issue is the permission on the file, not the command itself.

Unfortunately, the file systems do not explicitly support permissions.  This used to be implicitly supported through permissions on show config.

Perhaps this is a bug.  I'd open a case on this if you need really need this feature.

New Member

%Error opening nvram:/startup-config (Permission denied)

Thank you Phillip.  I agree, I think this may be a bug.  I'm in the process of adding the customer contract to my CCO account to pursue a TAC case. I'll let the discussion boards know the outcome.  Thanks again.

Silver

%Error opening nvram:/startup-config (Permission denied)

Hello,

I have been facing the same issue and have opened a case. Please find the answer I get from the TAC :

==============================================

This is intended by design as a security measure. Starting in newer releases of IOS, the privilege level for file system access has to be configured separately. There are two options to overcome this:

1) Run the command from the enable prompt.

2) Set the file system privilege level via the config command "file privilege 1".

==============================================

Hope that helps.

Best regards.

Karim

New Member

%Error opening nvram:/startup-config (Permission denied)

Thanksfor your input.  Yes, Cisco TAC confirmed that there is a bug ID documenting this, CSCty30604.

New Member

I was running into the same

I was running into the same problem and solution for me was to not define the tftp path, so basically i kept typing the following:

copy crashinfo:... tftp:c:\temp

then IP

instead of;

copy crashinfo:... tftp:

with out the path because my tftp is configured to store everything in c:\temp

then IP, that worked for me.

hope it helps :)

9544
Views
15
Helpful
5
Replies