From a8b91db168be36606391eb0b96af0ee4aaa6812f Mon Sep 17 00:00:00 2001
From: Dave Olson
Date: Mon, 26 Feb 2018 09:52:09 -0800
Subject: Fixed exclude_users to work, added more users, alway skip tacacs[0-9]*
Ticket: CM-19886 Reviewed By: nobody Testing Done: Somehow exclude_users wasn't implemented (or got deleted somewhere along the line). Make list match tacplus_client, except exclude our own mapped users by matching config items, and also skip any user starting with tacacs[0-9] inline instead of listing all 16 in exclude_users field in config file. Implemened for mapped_priv_user too, since that work is ongoing. Listed change in debian/changelog If debug is set to 2 or higher, print that the name lookup was skipped due to exclusion.
---
 nss_mapuser.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'nss_mapuser.conf')
diff --git a/nss_mapuser.conf b/nss_mapuser.conf
index 5adf5e8..2685ac0 100644
--- a/nss_mapuser.conf
+++ b/nss_mapuser.conf
@@ -27,7 +27,10 @@ min_uid=1001
 # that during pathname completion, bash can do an NSS lookup on "*"
 # To avoid server round trip delays, or worse, unreachable server delays
 # on filename completion, we include "*" in the exclusion list.
-exclude_users=root,daemon,cron,cumulus,quagga,frr,man,ntp,radius_user,sshd,snmp,nobody,*
+# User names starting with "tacacs[0-9]" are also ignored, in case the
+# tacplus client packages are installed. User names matching
+# the mapped_user and mapped_priv_user configuration fields are also ignored.
+exclude_users=root,daemon,nobody,cron,sshd,cumulus,quagga,frr,snmp,www-data,ntp,man,*
 # Map all usernames to the radius_user account (use the uid, gid, shell, and
 # base of the home directory from the cumulus entry in /etc/passwd).
--
cgit v1.2.3
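Review bot: The new comment above `exclude_users` does not say that the `tacacs[0-9]` prefix rule and the mapped_user/mapped_priv_user rule are applied outside this field (the commit message describes them as done inline), so an administrator who trims or empties the list cannot tell which exclusions stay in force. As worded, the prefix rule is also wider than the 16 tacplus accounts the commit message refers to: any name beginning with `tacacs` followed by a digit is skipped, which would presumably include a legitimate RADIUS user with such a name. I would add a line such as `# These two rules are built in and apply regardless of the exclude_users value.` and state whether the listed names are exact matches. The same line drops `radius_user` from the list; that appears to rely on the mapped_user match, whose implementation is not visible in this file.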