From 469267b21944e2469b0faf0bc1b54dad15b1bbcc Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 28 Aug 2023 21:24:14 +0200 Subject: Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group first --- debian/vyos-1x.postinst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'debian') diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index f3dc00b46..b0aefed33 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -29,6 +29,11 @@ do sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file done +# Both RADIUS and TACACS users belong to aaa group - this must be added first +if ! grep -q '^aaa' /etc/group; then + addgroup --firstgid 1000 --quiet aaa +fi + # Remove TACACS user added by base package - we use our own UID range and group # assignments - see below if grep -q '^tacacs' /etc/passwd; then @@ -74,11 +79,6 @@ if ! grep -q '^tacacs' /etc/passwd; then done 2>&1 | grep -v 'User tacacs${level} already exists' fi - -if ! grep -q '^aaa' /etc/group; then - addgroup --firstgid 1000 --quiet aaa -fi - # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ -- cgit v1.2.3