| Age | Commit message (Collapse) | Author |
|---|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Pass status to login update() which might be useful to handle
case when node is deleted.
|
|
|
|
Bug 4591
Consolidate check for telnet login
Don't remove /etc/securetty edit it
(cherry picked from commit c6c477f2ffb0f2fd4cf12882f22c2c44ab57cc46)
|
|
Bug 4494
(cherry picked from commit 7dc1c900184a629975b2e22e79c5dc44c494448e)
|
|
The login class manager must be called if login type is deleted.
Also skip updating if no changes to that login type.
(cherry picked from commit 1151679260e673f69bdb637fec7773b574f3c7b0)
|
|
The login modules aren't really objects (if Perl really had objects), so
just use dynamic invoke of update routine.
(cherry picked from commit 37ba59896d4c9ac5c914d1901d86ed7e7d844871)
|
|
Translate radius-server to Vyatta::Login::RadiusServer
(cherry picked from commit bf86040fef55fdb644b3670a9e1ec093e67df828)
|
|
|
|
Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.
|
|
|
|
Bug 4448
|
|
|
|
Since quagga uses local7, make it a real facility.
Allow local7 for compatiablity.
Bug 4263
|
|
1. User and Radius separate scripts
2. Tacacs (incomplete) moved to separate package
|
|
The new code was requiring full pathname, but old version was
using /var/log/user/<filename> so make new code work like old code.
|
|
Default fallback code was broken
Change to blocked out region for Vyatta config.
|
|
Do most of the work in the rewritten vyatta_update_syslog code.
Handle multiple facilities for same target without causing duplicate
log messages.
Never restart syslog daemon, just reload it and only if the configuration
has changed.
|
|
This reverts commit fd605ab5d4ce4aa4015089042afd90f6e5c6ba59.
|
|
Getting cumbersome with one big script.
|
|
|
|
Use 3 arg open.
|
|
Use of global loop variable, and open syntax.
|
|
|
|
On boot, there is no reason to add or modify a user account if already
exists in the system with same groups and settings.
|
|
|
|
Add admin level users to "disk" group so that they can execute RAID commands.
|
|
previous ones in /etc/syslog.conf
- multiple nodes configured under 'system syslog global' are appended to syslog.conf
- default '*.notice -/var/log/messages' is removed from syslog.conf if any
node is configured under 'system syslog global' and is put back when nothing
configured under 'system syslog global'
- syslog process only restarted once after making all changes in config
- added commit checks at 'system syslog <>' level nodes to specify facility
|
|
Add "admin" and "operator" level users to the "dip" group so that they
can execute CLI commands that bring up and take down PPP connections.
|
|
info in comments
- tighten check for updating resolv.conf for domain-names received from dhcp-server
|
|
|
|
|
|
'name-server' and 'domain-name-server' options
in /etc/resolv.conf received by a dhcp client for an interface
=> Modified name-server/node.def so as to have the name-server set by our CLI on the top of
/etc/resolv.conf to take priority over name-servers received from dhcp client
|
|
Manpage for useradd is incorrect, the option is -N not -n.
|
|
Change to use -n option to useradd:
A group having the same name as the user being added to the system
will be created by default (when -g is not specified). This option
will turn off this behavior. When this option is used, users by
default will be placed in whatever group is specified in the GROUP
variable of /etc/default/useradd. If no default group is defined,
group 100 (users) will be used.
|
|
Root (which uses bash) must be allowed, and probably want to
allow others as well. Better to add full shell support later
|
|
Rewrite the scripts that manage user accounts to:
1) use Posix standard useradd, userdel scripts rather than modifying
passwd/group files directly.
2) add home-directory field to account management
3) support adding accounts to additional groups
Note: this code should now also work with NIS since it has no direct
access to /etc/passwd.
|
|
Run script through perltidy to cleanup indentation
|
|
Put GPL license on this script
|
|
|
|
Replace references to VPL 1.0 with GPLv2
|
|
This is part of other permission fixes, it puts operators
into a group that can then be used for access control.
|
|
Add operator to group adm to allow reading log files without sudo.
This group is used allow reading files in /var/log so the operational
mode show log commands don't need sudo.
|
|
|
|
|
|
mutually exclusive. Generate an error message and refuse commit if both are specified. Bug 2256 fix.
|
|
$(@)' changes to update the 'search' params. Bug 2113 fix.
|
|
* "admin" => "users", "quaggavty", "vyattacfg", "sudo".
* "users" => "users", "quaggavty"
* use "sudo" group for sudo permissions.
* don't add "root" to /etc/group.
|
|
|
|
|
