Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r-- | debian/vyos-1x.postinst | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index f3dc00b46..b43416152 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -1,4 +1,4 @@
-#!/bin/sh -e
+#!/bin/bash
 
 # Turn off Debian default for %sudo
 sed -i -e '/^%sudo/d' /etc/sudoers || true
@@ -29,6 +29,16 @@ do
     sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file
 done
 
+# We do not make use of a TACACS UNIX group - drop it
+if grep -q '^tacacs' /etc/group; then
+    delgroup tacacs
+fi
+
+# Both RADIUS and TACACS users belong to aaa group - this must be added first
+if ! grep -q '^aaa' /etc/group; then
+    addgroup --firstgid 1000 --quiet aaa
+fi
+
 # Remove TACACS user added by base package - we use our own UID range and group
 # assignments - see below
 if grep -q '^tacacs' /etc/passwd; then
@@ -37,6 +47,7 @@ if grep -q '^tacacs' /etc/passwd; then
     vyos_group=vyattaop
     while [ $level -lt 16 ]; do
         userdel tacacs${level} || true
+        rm -rf /home/tacacs${level} || true
         level=$(( level+1 ))
     done 2>&1
 fi
@@ -53,7 +64,7 @@ if ! grep -q '^tacacs' /etc/passwd; then
     level=0
     vyos_group=vyattaop
     while [ $level -lt 16 ]; do
-        adduser --quiet --system --firstuid 900 --disabled-login --ingroup ${vyos_group} \
+        adduser --quiet --system --firstuid 900 --disabled-login --ingroup users \
             --no-create-home --gecos "TACACS+ mapped user at privilege level ${level}" \
             --shell /bin/vbash tacacs${level}
         adduser --quiet tacacs${level} frrvty
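Review bot: The new shebang `#!/bin/bash` silently drops the `-e` that `#!/bin/sh -e` carried, so from this commit on a failing `delgroup`, `addgroup`, `adduser` or `sed` no longer aborts the postinst and dpkg will mark the package as configured with an incomplete account/group setup. If exit-on-error is still intended, put it in the body where it survives any invocation style: `#!/bin/bash` followed by `set -e`. If it was dropped on purpose (the `done 2>&1 | grep -v ...` pipelines later in the file return 1 when nothing is printed, which would trip `-e`), say so in a comment next to the shebang and guard the account-creating calls explicitly with `|| exit 1` instead, so an attacker-relevant gap such as a missing `aaa` group or an unprovisioned mapped user cannot pass unnoticed.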
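Review bot: The guards `grep -q '^tacacs' /etc/group` and `grep -q '^aaa' /etc/group` are unanchored on the right, so any group whose name merely starts with `tacacs` or `aaa` satisfies them, and they only consult the flat file rather than NSS; `delgroup tacacs` then runs unguarded and, with `-e` gone from the shebang, its failure is silent. Ordering also matters here: the group is dropped before the base package's `tacacs` user is removed in the block that follows, and `delgroup` refuses to remove a group that is still some user's primary group, so the removal may never take effect (inferred from the visible ordering; confirm against the base package's account). Use the resolver and the exact name: `if getent group tacacs >/dev/null; then` and `if ! getent group aaa >/dev/null; then`, and consider moving the `delgroup` after the `userdel` loop, or checking its status with `delgroup tacacs || echo "warning: could not remove group tacacs" >&2`.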
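Review bot: The added `rm -rf /home/tacacs${level} || true` removes a guessed path rather than the home directory the account actually had on record, and it runs even when the preceding `userdel` failed or the account never existed; the `|| true` is also redundant because `rm -f` already succeeds on a missing path. Letting `userdel` do the cleanup ties the deletion to the account: replace both lines with `userdel --remove tacacs${level} || true`, or if the fixed path is deliberate (e.g. the base package creates it without registering it as the home), keep the `rm` but pass `--` and quote the path, `rm -rf -- "/home/tacacs${level}"`, and note in a comment why the path is hard-coded. The enclosing `if grep -q '^tacacs' /etc/passwd` block begins before this hunk.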
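Review bot: With `--ingroup ${vyos_group}` replaced by `--ingroup users`, the `vyos_group=vyattaop` assignment two lines above is no longer referenced anywhere in this hunk, and the tacacs0..15 accounts now come out with only `frrvty` as a supplementary group as far as the visible lines show. If the operator/admin membership is still granted by a later `adduser tacacs${level} ${vyos_group}` past the hunk this is fine and only the dead-looking assignment deserves a comment such as `# vyos_group is used below to grant the privilege-level group`; if not, the privilege mapping the gecos string promises ("TACACS+ mapped user at privilege level N") is no longer backed by group membership and needs to be re-added. The `if ! grep -q '^tacacs' /etc/passwd` block and its `while` loop start before and end after this hunk.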
@@ -74,14 +85,9 @@ if ! grep -q '^tacacs' /etc/passwd; then
     done 2>&1 | grep -v 'User tacacs${level} already exists'
 fi
 
-
-if ! grep -q '^aaa' /etc/group; then
-    addgroup --firstgid 1000 --quiet aaa
-fi
-
 # Add RADIUS operator user for RADIUS authenticated users to map to
 if ! grep -q '^radius_user' /etc/passwd; then
-    adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
+    adduser --quiet --firstuid 1000 --disabled-login --ingroup users \
         --no-create-home --gecos "RADIUS mapped user at privilege level operator" \
         --shell /sbin/radius_shell radius_user
     adduser --quiet radius_user frrvty
@@ -95,7 +101,7 @@ fi
 
 # Add RADIUS admin user for RADIUS authenticated users to map to
 if ! grep -q '^radius_priv_user' /etc/passwd; then
-    adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattacfg \
+    adduser --quiet --firstuid 1000 --disabled-login --ingroup users \
         --no-create-home --gecos "RADIUS mapped user at privilege level admin" \
         --shell /sbin/radius_shell radius_priv_user
     adduser --quiet radius_priv_user frrvty
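Review bot: In the last hunk `radius_priv_user` changes its primary group from `vyattacfg` to `users`, and within the hunk the only supplementary group added is `frrvty`, so the account that RADIUS admin sessions map to no longer visibly carries the configuration-level group it had before. If `vyattacfg` (and `aaa`, which the file header comment says both RADIUS users must belong to) is granted further down, outside the hunk, nothing is lost; otherwise add `adduser --quiet radius_priv_user vyattacfg` next to the `frrvty` line, and the matching `vyattaop` membership for `radius_user` in the hunk above. Either way a one-line comment stating where the privilege group is assigned would stop the next reader from reading `--ingroup users` as a privilege downgrade. Both `if ! grep -q ...` blocks continue past their hunks.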