-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 19 | ||||
-rw-r--r-- | templates/system/host-name/node.def | 2 |
2 files changed, 18 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 52004931..ad9c5fda 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -28,8 +28,23 @@ if [ "$sysconfdir" != "/etc" ]; then
 if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then
 echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers
 fi
-
- # for "users" level
+
+ # Allow operator to do a limited number of commands without password
+ cat <<"EOF" >>/etc/sudoers
+Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
+ /sbin/iptables -Z *,\
+ /sbin/iptables -L -vn,\
+ /sbin/iptables -L * -vn,\
+ /sbin/iptables -t * -L -vn
+Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
+ /sbin/ip route flush cache *,\
+ /sbin/ip neigh flush to *, \
+ /sbin/ip neigh flush dev *
+Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p *
+%operator ALL=NOPASSWD: /sbin/reboot, /sbin/date, IPTABLES, ETHTOOLP, IPFLUSH
+EOF
+
+ # for "users" level (FIXME)
 if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then
 echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers
 fi
diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def
index 54ed9fef..1aba2174 100644
--- a/templates/system/host-name/node.def
+++ b/templates/system/host-name/node.def
@@ -1,7 +1,7 @@
 type: txt
 help: Configure system host name
 default: "vyatta"
-syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]+$"
+syntax:expression: pattern $VAR(@) "^[[:alpha:]][-.[:alnum:]]*[[:alnum:]]$"
 ; "invalid host name $VAR(@)"
 update: sudo sh -c " \
 hostname '$VAR(@)' |
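Review bot: In debian/vyatta-cfg-system.postinst.in the new `cat <<"EOF" >>/etc/sudoers` block is appended unconditionally, unlike the grep-guarded `%sudo` and `%users` appends around it, so each rerun of the postinst (upgrade, reconfigure) adds the three `Cmnd_Alias` definitions again; sudo reports a redefined alias as a sudoers error, which may leave sudo unusable. Guard it like its neighbours, e.g. `if ! grep -q '^Cmnd_Alias IPTABLES' /etc/sudoers; then` … `fi`, and ideally validate the result with `visudo -c` before leaving it in place. Separately, the `*` in entries such as `/sbin/iptables -Z *` and `/usr/sbin/ethtool -p *` matches across whitespace in sudoers, and `/sbin/reboot` and `/sbin/date` carry no argument restriction, so the operator group gets more than the "limited number of commands" the comment promises. A comment stating the intended argument forms, or wrapper scripts like the `sudo-users/` directory used for `%users`, would make the grant explicit. The enclosing `if [ "$sysconfdir" != "/etc" ]` block starts and ends outside this hunk.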
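Review bot: In templates/system/host-name/node.def the new pattern rejects one-character host names (it needs a leading letter plus a trailing alphanumeric) while still accepting empty labels and labels that begin or end with a hyphen, such as `a..b` or `a.-b`, and it sets no length limit. This pattern is the only check visible before the value is placed inside the `sudo sh -c` string as `hostname '$VAR(@)'`, so per-label validation is worth having. If the template's pattern syntax accepts ERE grouping (not shown here), `"^[[:alpha:]]([-[:alnum:]]*[[:alnum:]])?([.][[:alnum:]]([-[:alnum:]]*[[:alnum:]])?)*$"` would do that. The POSIX classes can also match non-ASCII letters in some locales, so either note which locale the validator runs under or keep explicit ASCII ranges. The `update:` block continues past the end of the hunk.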