mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-07-28 20:59:47 +00:00
Merge pull request #489 from donaldsharp/sudoers
*: Remove ability to install frr_sudoers for 2.0
This commit is contained in:
Russ White
GitHub
commit
35f8fe3b32
@ -1,15 +0,0 @@
|
|||||||
Defaults env_keep += VTYSH_PAGER
|
|
||||||
|
|
||||||
# Allow user in group frr to run vtysh show commands
|
|
||||||
# without a password by uncommenting the "%frr" line below.
|
|
||||||
|
|
||||||
# Subshell commands need to be disallowed, including
|
|
||||||
# preventing the user passing command line args like 'start-shell'
|
|
||||||
# Since vtysh allows minimum non-conflicting prefix'es, that means
|
|
||||||
# anything beginning with the string "st" in any arg. That's a bit
|
|
||||||
# restrictive.
|
|
||||||
# Instead, use NOEXEC, to prevent any exec'ed commands.
|
|
||||||
|
|
||||||
Cmnd_Alias VTY_SHOW = /usr/bin/vtysh -c show *
|
|
||||||
# %frr ALL = (root) NOPASSWD:NOEXEC: VTY_SHOW
|
|
||||||
|
|
||||||
1
debian/frr.postinst
vendored
1
debian/frr.postinst
vendored
@ -15,7 +15,6 @@ frrvtygid=`egrep "^frrvty:" $GROUPFILE | awk -F ":" '{ print $3 }'`
|
|||||||
chown -R ${frruid}:${frrgid} /etc/frr
|
chown -R ${frruid}:${frrgid} /etc/frr
|
||||||
touch /etc/frr/vtysh.conf
|
touch /etc/frr/vtysh.conf
|
||||||
chgrp ${frrvtygid} /etc/frr/vtysh*
|
chgrp ${frrvtygid} /etc/frr/vtysh*
|
||||||
chmod 440 /etc/sudoers.d/frr_sudoers
|
|
||||||
chmod 644 /etc/frr/*
|
chmod 644 /etc/frr/*
|
||||||
|
|
||||||
ENVIRONMENTFILE=/etc/environment
|
ENVIRONMENTFILE=/etc/environment
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user