Fixed exclude_users to work, added more users, alway skip tacacs[0-9]*

Ticket: CM-19886
Reviewed By:  nobody
Testing Done:

Somehow exclude_users wasn't implemented (or got deleted somewhere
along the line).

Make list match tacplus_client, except exclude our own mapped users
by matching config items, and also skip any user starting with
tacacs[0-9] inline instead of listing all 16 in exclude_users field
in config file.

Implemened for mapped_priv_user too, since that work is ongoing.
Listed change in debian/changelog

If debug is set to 2 or higher, print that the name lookup was skipped
due to exclusion.

1 files changed, 4 insertions, 1 deletions

diff --git a/nss_mapuser.conf b/nss_mapuser.conf
index 5adf5e8..2685ac0 100644
--- a/nss_mapuser.conf
+++ b/nss_mapuser.conf
@@ -27,7 +27,10 @@ min_uid=1001
 # that during pathname completion, bash can do an NSS lookup on "*"
 # To avoid server round trip delays, or worse, unreachable server delays
 # on filename completion, we include "*" in the exclusion list.
-exclude_users=root,daemon,cron,cumulus,quagga,frr,man,ntp,radius_user,sshd,snmp,nobody,*
+# User names starting with "tacacs[0-9]" are also ignored, in case the
+# tacplus client packages are installed.  User names matching 
+# the mapped_user and mapped_priv_user configuration fields are also ignored.
+exclude_users=root,daemon,nobody,cron,sshd,cumulus,quagga,frr,snmp,www-data,ntp,man,*
 
 # Map all usernames to the radius_user account (use the uid, gid, shell, and
 # base of the home directory from the cumulus entry in /etc/passwd).