From 0225aa7954236999d2ce110093378880ba7b65f4 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud <stig@vyatta.com>
Date: Tue, 26 Feb 2008 13:05:40 -0800
Subject: Fix 2877: Bridge group can not be assiged to vif sub interfaceZ

---
 .../node.tag/vif/node.tag/bridge-group/bridge/node.def      |  9 ++++-----
 .../node.tag/vif/node.tag/bridge-group/cost/node.def        |  4 ++--
 .../ethernet/node.tag/vif/node.tag/bridge-group/node.def    | 13 +++++++++++++
 .../node.tag/vif/node.tag/bridge-group/priority/node.def    |  4 ++--
 4 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def
index fffa0eeb..9c65ff16 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def
@@ -1,12 +1,11 @@
 type: txt
 help: Add this interface to a bridge-group
-syntax:expression: exec " \
-        if [ -z \"`sudo brctl show | grep $VAR(@) `\" ]; then \
+syntax:expression: exec "                                                \
+        if [ -z \"`sudo brctl show | grep $VAR(@) `\" ]; then            \
           echo bridge interface $VAR(@) doesn\\'t exist on this system ; \
-          exit 1 ; \
+          exit 1 ;                                                       \
         fi ; "
-update:expression: "sudo brctl addif $VAR(@) $VAR(../../../../@).$VAR(../../@)"
-delete:expression: "sudo brctl delif $VAR(@) $VAR(../../../../@).$VAR(../../@)"
+delete:expression: "sudo brctl delif $VAR(@) $VAR(../../../@).$VAR(../../@)"
 allowed: local -a array ;
  array=( /sys/class/net/br* ) ;
  echo -n ${array[@]##*/}
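Review bot: The existence check on the `syntax:expression` line interpolates `$VAR(@)` unquoted into the `exec` shell string and matches it with an unanchored `grep`. A value such as `br` therefore passes whenever any bridge exists, and because the node is `type: txt`, shell metacharacters in the value reach the command too. Constraining the name before the shell sees it and then testing the exact device would be stricter, e.g. `syntax:expression: pattern $VAR(@) "^br[0-9]+$" ; "invalid bridge name"` followed by `[ -d /sys/class/net/$VAR(@)/bridge ]` in place of the `brctl show | grep` pipeline. The `^br[0-9]+$` form is inferred from the `allowed:` glob `/sys/class/net/br*` and should be confirmed against the bridge naming rules.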
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def
index f3ae520f..ef2d9940 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def
@@ -1,4 +1,4 @@
 type: u32
 help: Set the path cost for this port
-commit:expression: $VAR(../bridge/) != ""; "Must configure bridge interface"
-update:expression: "sudo brctl setpathcost $VAR(../../@) $VAR(@)"
+comp_help: possible completions:
+ <0-2147483647>     Set port cost
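Review bot: The range advertised in `comp_help` is not enforced anywhere in this hunk: `type: u32` accepts values up to 4294967295. With the old `commit:`/`update:` lines gone, the value is only consumed later by `sudo brctl setpathcost` in the bridge-group `end:` block. Adding `syntax:expression: $VAR(@) <= 2147483647 ; "Cost must be between 0 and 2147483647"` would reject bad input when it is set rather than when the command runs. The same applies to the `priority/node.def` hunk, where `<0-255>` is documented but not checked.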
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
index fd392431..af1c0e85 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
@@ -1,2 +1,15 @@
 help: Add this interface to a bridge group
 commit:expression: $VAR(./bridge/) != ""; "Must set the bridge interface"
+create:expression: "sudo brctl addif $VAR(./bridge/@) $VAR(../../@).$VAR(../@)"
+delete:expression: "touch /tmp/eth-$VAR(../@)-bridge.$PPID"
+end:expression: "\
+  if [ -f \"/tmp/eth-$VAR(../@)-bridge.$PPID\" ]; then                         \
+     rm -f /tmp/eth-$VAR(../@)-bridge.$PPID;                                   \
+  else                                                                         \
+     if [ -n \"$VAR(./cost/@)\" ]; then                                        \
+        sudo brctl setpathcost $VAR(./bridge/@) $VAR(../../@).$VAR(../@) $VAR(./cost/@);     \
+     fi;                                                                       \
+     if [ -n \"$VAR(./priority/@)\" ]; then                                    \
+	sudo brctl setportprio $VAR(./bridge/@) $VAR(../../@).$VAR(../@) $VAR(./priority/@); \
+     fi;                                                                       \
+  fi; "
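Review bot: The marker file that `delete:` creates and `end:` consumes lives in world-writable `/tmp` under a predictable name. A file or symlink already present at that path changes what the commit does: `end:` skips the `setpathcost`/`setportprio` calls, and `touch` follows a symlink. The name also omits the ethernet device `$VAR(../../@)`, so the same vif number on two ports appears to share one marker within a commit. Keeping the marker in a directory only the configuration process can write, and keying it on both levels, would close both gaps, e.g. `touch <PRIVATE_STATE_DIR>/eth-$VAR(../../@).$VAR(../@)-bridge.$PPID` (directory shown as a placeholder), with the same path in the `end:` test and `rm -f`.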
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def
index 12200b72..8688c394 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def
@@ -1,4 +1,4 @@
 type: u32
 help: Set the path priority for this port
-commit:expression: $VAR(../bridge/) != ""; "Must configure bridge interface"
-update:expression: "sudo brctl setportprio $VAR(../../@) $VAR(@)"
+comp_help: possible completions:
+ <0-255>            Set port priority
-- 
cgit v1.2.3


From 3f90953b7705a59dbb41019bd69f924541607238 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 26 Feb 2008 14:50:27 -0800
Subject: add operator and admin to linux group adm

Add operator to group adm to allow reading log files without sudo.
This group is used to allow reading files in /var/log so that the
operational-mode show log commands don't need sudo.
---
 scripts/system/vyatta_update_login_user.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/system/vyatta_update_login_user.pl b/scripts/system/vyatta_update_login_user.pl
index a059c227..0b847ff7 100755
--- a/scripts/system/vyatta_update_login_user.pl
+++ b/scripts/system/vyatta_update_login_user.pl
@@ -137,8 +137,8 @@ if ($user eq "-d") {
 }
 
 my %level_map = (
-                  'admin' => [ 'users', 'quaggavty', 'vyattacfg', 'sudo', ],
-                  'operator' => [ 'users', 'quaggavty', ],
+                  'admin' => [ 'users', 'quaggavty', 'vyattacfg', 'sudo', 'adm', ],
+                  'operator' => [ 'users', 'quaggavty', 'adm', ],
                 );
 exit 4 if (!defined($user) || !defined($full) || !defined($encrypted)
            || !defined($level));
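Review bot: Nothing beside `%level_map` records why `adm` is listed or what it exposes. On Debian-style systems that group can usually read everything under /var/log, including authentication logs, so the `operator` level gains more than the `show log` output. A comment above the map such as `# 'adm': read access to /var/log so operational-mode "show log" works without sudo; this includes auth logs` would keep that trade-off visible to the next maintainer. Accounts created before this change presumably keep their old group list until this script runs for them again, which is worth confirming; the code that applies the map is outside the hunk.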
-- 
cgit v1.2.3


From b8300c77e22acb1569e15a4977be20ef3a7d5cfe Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 26 Feb 2008 16:25:06 -0800
Subject: add option to disable root login over ssh

See: https://bugzilla.vyatta.com/show_bug.cgi?id=2798 and
     https://bugzilla.vyatta.com/show_bug.cgi?id=2806
---
 templates/service/ssh/root-allowed/node.def | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 templates/service/ssh/root-allowed/node.def

diff --git a/templates/service/ssh/root-allowed/node.def b/templates/service/ssh/root-allowed/node.def
new file mode 100644
index 00000000..8c5a6fd9
--- /dev/null
+++ b/templates/service/ssh/root-allowed/node.def
@@ -0,0 +1,19 @@
+type: bool
+help: Allow root login over ssh
+default: false
+help: Enable/disable root login
+update: if [ \"$VAR(@)\" == \"true\" ]; then 
+		sudo ed - /etc/ssh/sshd_config <<-"EOF"
+		/^PermitRootLogin/s/no/yes/
+		wq
+		EOF
+	else
+		sudo ed - /etc/ssh/sshd_config <<-"EOF"
+		/^PermitRootLogin/s/yes/no/
+		wq
+		EOF
+	fi
+delete:	sudo ed - /etc/ssh/sshd_config <<-"EOF"
+	/^PermitRootLogin/s/yes/no/
+	wq
+	EOF
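Review bot: The `ed` substitutions only take effect when `/etc/ssh/sshd_config` already has an uncommented `PermitRootLogin` line whose value contains `yes` or `no`. If the line is missing, commented out, or set to another value such as `without-password`, the file is left unchanged while the node still reports `false`; whether that surfaces as a commit error depends on how `ed`'s exit status is handled, which is not visible here. Rewriting the whole directive and verifying the result avoids this fail-open case, e.g. `sudo sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config` followed by `grep -q '^PermitRootLogin no' /etc/ssh/sshd_config || exit 1`, with the `yes` counterpart in the true branch. Nothing in this file reloads sshd, so the setting may not apply until the parent ssh service node restarts it. The file also carries two `help:` lines, one of which should be dropped.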
-- 
cgit v1.2.3