Using command line tools with Cisco Secure ACS for Unix to modify groups

Posted on 2009-12-29
Last Modified: 2012-05-08
    I inherited an implementation of Cisco Secure ACS for Unix and I now have a need to create some additional groups.  These groups will be used to control access to certain routers and grant specific privilege levels.  
    I've tried using the Web GUI and I can't seem to find where to set the priv-lvl attribute for "service - shell".  I have found the CLI utilities, I can view other profiles, but I can't figure out how to change a profile via the CLI UpdateProfile command.  Any assistance would be appreciated.
Question by:lbicher56
    LVL 19

    Expert Comment

    I don't think you can. What I would do is use the csutil command to dump the user db to a file, edit it and import back.

    Author Comment

    Thank you.  I will check this out.  

    However, would you know how to do this in the GUI?  The main thing I need to do is set the priv-lvl attribute and in the GUI I can't seem to find where I can get that.  Any documentation I find does not indicate how to set that.  I know it can be done, there were groups that already exist that use this.
    LVL 3

    Expert Comment

    You should be able to do it via the web GUI.

    If you edit a group, it's under TACACS+, but if you don't see it you may need to enable it.

    To enable the option go to 'Interface Configuration' > 'Advanced Options' and tick the boxes and then go back to the group and see if you see it.

    Unless you have got loads of users to add or modify, the GUI is much easier.

    Hope this helps.

    LVL 3

    Accepted Solution

    Correction to above.

    To enable it go to 'Interface Configuration' > TACACS+ and you should see it under there to enable.

    If you don't see TACACS plus, make sure your switches are set to use TACACS within ACS, otherwise it won't show the option.

    To check if they are using TACACS, go to a switch in the ACS and edit the entry, and it should say TACACS under 'Authenticate Using'.
