summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-10-18 21:36:38 +0200
committerGitHub <noreply@github.com>2022-10-18 21:36:38 +0200
commit4072b81833be0476c8244e13f3fc6d27a01c708c (patch)
treeb2db7165b4bcda7da94babc1cc6064e96c6607cb
parente04aa5f1a8c2d53bfa89949cc57cb057be633bd1 (diff)
parent1ccc608264ad7daa05508330876707e22972e1ea (diff)
downloadvyatta-cfg-system-4072b81833be0476c8244e13f3fc6d27a01c708c.tar.gz
vyatta-cfg-system-4072b81833be0476c8244e13f3fc6d27a01c708c.zip
Merge pull request #187 from c-po/t4533-radius-permission-backport
T4533: Allow basic permissions to unprivileged RADIUS users
Diffstat
-rw-r--r--sysconf/sudoers7
1 files changed, 5 insertions, 2 deletions
diff --git a/sysconf/sudoers b/sysconf/sudoers
index 998e7083..309f1467 100644
--- a/sysconf/sudoers
+++ b/sysconf/sudoers
@@ -26,7 +26,7 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
/sbin/ip -f inet6 route flush cache, \
/sbin/ip -f inet6 route flush cache *,\
/sbin/ip -f inet6 neigh flush to *, \
- /sbin/ip -f inet6 neigh flush dev *
+ /sbin/ip -f inet6 neigh flush dev *
Cmnd_Alias ETHTOOL = /sbin/ethtool -p *, \
/sbin/ethtool -S *, \
/sbin/ethtool -a *, \
@@ -40,10 +40,13 @@ Cmnd_Alias PCAPTURE = /usr/bin/tcpdump
Cmnd_Alias HWINFO = /usr/bin/lspci
Cmnd_Alias FORCE_CLUSTER = /usr/share/heartbeat/hb_takeover, \
/usr/share/heartbeat/hb_standby
+Cmnd_Alias DIAGNOSTICS = /bin/ip vrf exec * /bin/ping *, \
+ /bin/ip vrf exec * /bin/traceroute *, \
+ /usr/libexec/vyos/op_mode/*
%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, HWINFO, \
PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \
DMIDECODE, DISK, CONNTRACK, IP6TABLES, \
- FORCE_CLUSTER
+ FORCE_CLUSTER, DIAGNOSTICS
# Allow any user to run files in sudo-users
%users ALL=NOPASSWD: /opt/vyatta/bin/sudo-users/
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-30 09:54:58 +0000