From 0e5a90ad70edbcc6334f1737a6855d02f8ffd130 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 2 May 2021 15:53:32 +0200 Subject: radius: T3510: authenticated users must use /sbin/radius_shell as shell --- debian/vyos-1x.postinst | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'debian') diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 5fadddc86..8acc87cc8 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -11,7 +11,8 @@ fi # Add minion user for salt-minion if ! grep -q '^minion' /etc/passwd; then - adduser --quiet --firstuid 100 --system --disabled-login --ingroup vyattacfg --gecos "salt minion user" --shell /bin/vbash minion + adduser --quiet --firstuid 100 --system --disabled-login --ingroup vyattacfg \ + --gecos "salt minion user" --shell /bin/vbash minion adduser --quiet minion frrvty adduser --quiet minion sudo adduser --quiet minion adm @@ -27,7 +28,9 @@ fi # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then - adduser --quiet --firstuid 1001 --disabled-login --ingroup users --gecos "radius user" --shell /bin/vbash radius_user + adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ + --no-create-home --gecos "radius user" \ + --shell /sbin/radius_shell radius_user adduser --quiet radius_user frrvty adduser --quiet radius_user vyattaop adduser --quiet radius_user operator @@ -38,7 +41,9 @@ fi # Add RADIUS admin user for RADIUS authenticated users to map to if ! grep -q '^radius_priv_user' /etc/passwd; then - adduser --quiet --firstuid 1001 --disabled-login --ingroup vyattacfg --gecos "radius privileged user" --shell /bin/vbash radius_priv_user + adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattacfg \ + --no-create-home --gecos "radius privileged user" \ + --shell /sbin/radius_shell radius_priv_user adduser --quiet radius_priv_user frrvty adduser --quiet radius_priv_user vyattacfg adduser --quiet radius_priv_user sudo -- cgit v1.2.3