From db8ec5fec7d231a5dec537d0bc82ddb3f7c3dbc0 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 14 Nov 2008 12:27:47 -0800 Subject: Fix 3918: Operator level users require sudo permission for ipv6 clear commands --- debian/vyatta-cfg-system.postinst.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'debian/vyatta-cfg-system.postinst.in') diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index dff04293..5bd37e29 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -54,7 +54,11 @@ Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ - /sbin/ip neigh flush dev * + /sbin/ip neigh flush dev * \ + /sbin/ip -f inet6 route flush cache, \ + /sbin/ip -f inet6 route flush cache *,\ + /sbin/ip -f inet6 neigh flush to *, \ + /sbin/ip -f inet6 neigh flush dev * Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \ /usr/sbin/ethtool -S *, \ /usr/sbin/ethtool -a *, \ -- cgit v1.2.3 From 730ece6544cd2c350cac3740ef2a7db10cd37987 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 14 Nov 2008 12:48:29 -0800 Subject: Fix 3920: Operator level users require sudo permission for nat translation monitor commands --- debian/vyatta-cfg-system.postinst.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'debian/vyatta-cfg-system.postinst.in') diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 5bd37e29..8cc0682a 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -68,7 +68,8 @@ Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump %operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \ - PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof + PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \ + /usr/bin/lsof, /usr/sbin/conntrack EOF cat <>/etc/sudoers %users ALL=NOPASSWD: ${bindir}/sudo-users/ -- cgit v1.2.3 From 7ac74ee7b28318375f684bad0e29d808d6e53ccb Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 16 Nov 2008 11:31:58 -0800 Subject: Fix 3929: Operator level user now need sudo password to run "clear arp interface" --- debian/vyatta-cfg-system.postinst.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian/vyatta-cfg-system.postinst.in') diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 8cc0682a..3304fdd8 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -54,7 +54,7 @@ Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ - /sbin/ip neigh flush dev * \ + /sbin/ip neigh flush dev *, \ /sbin/ip -f inet6 route flush cache, \ /sbin/ip -f inet6 route flush cache *,\ /sbin/ip -f inet6 neigh flush to *, \ -- cgit v1.2.3