diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-02-02 14:57:03 -0800 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-02-02 15:01:22 -0800 |
| commit | 868fb51d85439d2cb045cf810f23943c60c42c41 (patch) | |
| tree | e80ada760d114d3b20c3333281c0a3be698c2239 | |
| parent | 433feb9b22c62c236be6d7738591a6bb3a5ae9ae (diff) | |
| download | vyatta-cfg-quagga-868fb51d85439d2cb045cf810f23943c60c42c41.tar.gz vyatta-cfg-quagga-868fb51d85439d2cb045cf810f23943c60c42c41.zip | |
Run login update as root
Need ability to open file of new user (to load authorized key).
So move sudo to template.
| -rwxr-xr-x | lib/Vyatta/Login/User.pm | 21 | ||||
| -rw-r--r-- | templates/system/login/node.def | 2 |
2 files changed, 10 insertions, 13 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index e0142b3f..b9e2ec98 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -81,11 +81,9 @@ sub _authorized_keys { chmod( 0750, $sshdir ); } - open( my $auth, '>', "$sshdir/authorized_keys" ); - unless ($auth) { - warn "open $sshdir/authorized_keys failed: $!"; - return; - } + my $keyfile = "$sshdir/authorized_keys"; + open( my $auth, '>', $keyfile) + or die "open $keyfile failed: $!"; print {$auth} "# Automatically generated by Vyatta configuration\n"; print {$auth} "# Do not edit, all changes will be lost\n"; @@ -96,7 +94,7 @@ sub _authorized_keys { } close $auth; - chmod( 0640, "$sshdir/authorized_keys" ); + chmod( 0640, $keyfile ); } sub _delete_user { @@ -104,15 +102,15 @@ sub _delete_user { if ( $user eq 'root' ) { warn "Disabling root account, instead of deleting\n"; - system('sudo usermod -p ! root') == 0 + system('usermod -p ! root') == 0 or die "usermod of root failed: $?\n"; } elsif ( getlogin() eq $user ) { die "Attempting to delete current user: $user\n"; } else { # This logs out user (so we can delete it) - system("sudo pkill -u $user"); + system("pkill -u $user"); - system("sudo userdel $user") == 0 + system("userdel $user") == 0 or die "userdel of $user failed: $?\n"; } } @@ -155,7 +153,6 @@ sub _update_user { $cmd = 'useradd -s /bin/vbash -m -N'; } else { # update existing account - # NB: can't skip because can't read original password $cmd = "usermod"; } @@ -163,7 +160,7 @@ sub _update_user { $cmd .= " -c \"$fname\"" if ( defined $fname ); $cmd .= " -d \"$home\"" if ( defined $home ); $cmd .= ' -G ' . join( ',', @groups ); - system("sudo $cmd $user"); + system("$cmd $user"); unless ( $? == 0 ) { my $reason = $reasons{ ( $? >> 8 ) }; @@ -217,7 +214,7 @@ sub update { warn "removing $user not listed in current configuration\n"; # Remove user account but leave home directory to be safe - system("sudo userdel $user") == 0 + system("userdel $user") == 0 or die "Attempt to delete user $user failed: $!"; } } diff --git a/templates/system/login/node.def b/templates/system/login/node.def index 47878e1e..c1330b0b 100644 --- a/templates/system/login/node.def +++ b/templates/system/login/node.def @@ -1,4 +1,4 @@ priority: 400 help: Set user access delete: echo 'All login methods can not be deleted' 1>&2; exit 1 -end: /opt/vyatta/sbin/vyatta_update_login.pl +end: sudo /opt/vyatta/sbin/vyatta_update_login.pl |