The show diff-config command displays differences between the startup configuration and the running configuration.
Some information saved in the startup config, such as the public keys of WireGuard peers, is not exposed to non-root users by the kernel. Relevant lines will not appear when regular users run 'show running-config'. This results in spurious differences where relevant lines appear in the diff as if they had been deleted from the running configuration. The displayed diff is wrong and misleading, and leaks information which the kernel attempts to hide from non-root users. The 'show diff-config' command is restricted to the root user for this reason. (At present, the default file permissions of /etc/nshrc and the 'show startup-config' command are likewise leaking such info and should probably be restricted to the root user, too.)
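A permission check for the /etc/nshrc exposure mentioned above, as an added example that is not part of the original message or of nsh itself. The function names are hypothetical, and the check only looks at the group and other read bits of the paths it is given.

```shell
# Added example (not nsh code): flag config files whose mode lets
# non-root users read them. Function names are hypothetical.

# True (exit 0) when the group or other read bit is set on "$1".
# find -perm -NNN matches when all of the listed bits are present.
readable_by_non_owner() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# Report on every path given; returns 1 if any of them is exposed.
audit_config_perms() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "skip: $f (not present)"
        elif readable_by_non_owner "$f"; then
            echo "EXPOSED: $f is readable by group/other"
            rc=1
        else
            echo "ok: $f"
        fi
    done
    return $rc
}
```

Run `audit_config_perms /etc/nshrc` as root; an EXPOSED result means the saved startup configuration can be read without the privileges that 'show diff-config' now requires.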