From 9495c2381e74cf7e7cc7c12424bb6091eb9957ad Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Fri, 11 Sep 2009 09:00:42 -0700
Subject: User group fixes

Some changes to group interface:
  * don't allow vyattaop the new group used for operators
  * check for allowed syntax
  * add missing continuation on syntax check
---
 templates/system/login/user/node.tag/group/node.def | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/templates/system/login/user/node.tag/group/node.def b/templates/system/login/user/node.tag/group/node.def
index 4466c5de..77af8199 100644
--- a/templates/system/login/user/node.tag/group/node.def
+++ b/templates/system/login/user/node.tag/group/node.def
@@ -1,10 +1,13 @@
 multi:
 type: txt
 help: Set additional group membership
-syntax:expression: ! $VAR(@) in "quaggavty", "vyattacfg", "sudo", "adm", "operator" ;
-   "Use configuration level to change membership of operator and admin groups"
+syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
+   ; "Invalid group name $VAR(@)"
+syntax:expression: ! $VAR(@) in \
+   "quaggavty", "vyattacfg", "vyattaop", "sudo", "adm", "operator" 
+   ; "Use configuration level to change membership of operator and admin groups"
 allowed: awk -F: '
-    $1 == "quaggavty" || $1 == "vyattacfg" || \
+    $1 == "quaggavty" || $1 == "vyattacfg" || $1 == "vyattaop" || \
     $1 == "sudo" || $1 == "adm" || $1 == "operator" { next; }
     		{printf "%s ", $1}' </etc/group
 comp_help: Enter group name or numerical group id
-- 
cgit v1.2.3