From bd5e025253397e80787f2c21ebb95c67fa4e140d Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 27 Oct 2008 16:31:06 -0700 Subject: Allow more ethtool commands Bugfix 3832 Need to allow ethtool statistics for operator --- debian/vyatta-cfg-system.postinst.in | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index e9541dbe..a814df9c 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -55,11 +55,15 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ /sbin/ip neigh flush dev * -Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * +Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \ + /usr/sbin/ethtool -S *, \ + /usr/sbin/ethtool -a *, \ + /usr/sbin/ethtool -c *, \ + /usr/sbin/ethtool -i * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump -%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ +%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \ PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof EOF cat <>/etc/sudoers -- cgit v1.2.3 From 21b96894a7ad4e44838312668429cc5c670ee55b Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 28 Oct 2008 16:23:01 -0700 Subject: Fix standalone password reset Handle case of running in standalone where there is no /dev/tty. Handle both formats in configuration file Bugfix 3844 --- scripts/install-system | 2 +- scripts/standalone_root_pw_reset | 19 ++++++++----------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/scripts/install-system b/scripts/install-system index d755339d..e4464ede 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -856,7 +856,7 @@ copy_config () { set_encrypted_password() { sed -i \ - -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password: \"$2\"/" $3 + -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3 } change_password() { diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 715c67fc..d089b50d 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -25,7 +25,7 @@ CF=/opt/vyatta/etc/config/config.boot set_encrypted_password() { sed -i \ - -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password: \"$2\"/" $3 + -e "/ user $1 {/,/}/s/encrypted-password.*\$/encrypted-password \"$2\"/" $3 } change_password() { @@ -35,9 +35,9 @@ change_password() { until [ "$pwd1" == "$pwd2" ] do - read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 + read -p "Enter $user password: " -r -s pwd1 echo - read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 + read -p "Retype $user password: " -r -s pwd2 echo if [ "$pwd1" != "$pwd2" ] @@ -65,21 +65,18 @@ fi # OK, now we know we are running in standalone mode. Talk to the # user. # -echo "Do you wish to change the root password" -echo -n "to the original default value (vyatta)? (Yes/No) [No]: " -read response +read -p "Do you wish to change the root password? " response response=${response:0:1} if [ "$response" != "y" -a "$response" != "Y" ]; then - echo "OK, the root password will not be reset." + echo "OK, the root password will not be changed." echo -n "Rebooting in 5 seconds..." sleep 5 echo /sbin/reboot -f fi - -echo "Starting process to reset the root password..." +echo "Starting process to change the root password..." echo "Re-mounting root filesystem read/write..." mount -o remount,rw / @@ -94,10 +91,10 @@ fi echo "Saving backup copy of config.boot..." cp $CF ${CF}.before_pwrecovery -echo "Setting the root password..." - +echo change_password root +echo "Root password changed" echo $(date "+%b%e %T") $(hostname) "Root password changed" \ | tee -a /var/log/auth.log >>/var/log/messages -- cgit v1.2.3 From fea9248fdbe724e7e44b65e298a3f3290ba1b767 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 29 Oct 2008 16:44:31 -0700 Subject: Bugfix: 3841 Add admin level users to "disk" group so that they can execute RAID commands. --- scripts/system/vyatta_update_login.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl index dbe4e338..1f71434b 100755 --- a/scripts/system/vyatta_update_login.pl +++ b/scripts/system/vyatta_update_login.pl @@ -53,7 +53,7 @@ my %reasons = ( # Map of level to additional groups my %level_map = ( - 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', ], + 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk'], 'operator' => [ 'quaggavty', 'operator', 'adm', 'dip', ], ); -- cgit v1.2.3