author | Christian Poessinger <christian@poessinger.com> | 2021-06-26 22:06:10 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-06-26 22:06:10 +0200 |
commit | b34685caa3431f4c83b3ce0e714992ddcdd23b20 (patch) | |
tree | 39ab764ac9197b296d2a6d7586d242ec43b3c69f | |
parent | aa357cb0f03ef2cc5a0aa2d18d516ab823e384b4 (diff) | |
Move sudoers file to vyos-1x
-rw-r--r-- | Makefile.am | 1 | ||||
-rwxr-xr-x | debian/vyatta-cfg-system.postinst.in | 7 | ||||
-rw-r--r-- | sysconf/sudoers | 53 |
3 files changed, 0 insertions, 61 deletions
diff --git a/Makefile.am b/Makefile.am
index b3f8dc71..7bbf0487 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -54,7 +54,6 @@ sysconf_DATA += sysconf/securetty
 sysconf_DATA += sysconf/level
 sysconf_DATA += sysconf/filecaps
 sysconf_DATA += sysconf/capability.conf
-sysconf_DATA += sysconf/sudoers
 sysconf_DATA += sysconf/netdevice
 libudevdir = /lib/udev
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 1db45622..6a5c830c 100755
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -33,13 +33,6 @@ if [ "$sysconfdir" != "/etc" ]; then
 -e '/sudo-users/d' \
 -e '/env_keep+=VYATTA/d' || true
- # Turn off Debian default for %sudo
- sed -i -e '/^%sudo/d' /etc/sudoers || true
-
- # Add Vyatta entries for sudoers
- cp $sysconfdir/sudoers /etc/sudoers.d/vyatta
- chmod 0440 /etc/sudoers.d/vyatta
-
 # purge off ancient devfs stuff from /etc/securetty
 cp $sysconfdir/securetty /etc/securetty
diff --git a/sysconf/sudoers b/sysconf/sudoers
deleted file mode 100644
index 998e7083..00000000
--- a/sysconf/sudoers
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# Vyatta modifications to sudo configuration
-#
-Defaults syslog_goodpri=info
-Defaults env_keep+=VYATTA_*
-
-#
-# Command groups allowed for operator users
-#
-Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
- /sbin/iptables -L -vn,\
- /sbin/iptables -L * -vn,\
- /sbin/iptables -t * -L *, \
- /sbin/iptables -Z *,\
- /sbin/iptables -Z -t nat, \
- /sbin/iptables -t * -Z *
-Cmnd_Alias IP6TABLES = /sbin/ip6tables -t * -Z *, \
- /sbin/ip6tables -t * -L *
-Cmnd_Alias CONNTRACK = /usr/sbin/conntrack -L *, \
- /usr/sbin/conntrack -G *, \
- /usr/sbin/conntrack -E *
-Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
- /sbin/ip route flush cache *,\
- /sbin/ip neigh flush to *, \
- /sbin/ip neigh flush dev *, \
- /sbin/ip -f inet6 route flush cache, \
- /sbin/ip -f inet6 route flush cache *,\
- /sbin/ip -f inet6 neigh flush to *, \
- /sbin/ip -f inet6 neigh flush dev *
-Cmnd_Alias ETHTOOL = /sbin/ethtool -p *, \
- /sbin/ethtool -S *, \
- /sbin/ethtool -a *, \
- /sbin/ethtool -c *, \
- /sbin/ethtool -i *
-Cmnd_Alias DMIDECODE = /usr/sbin/dmidecode
-Cmnd_Alias DISK = /usr/bin/lsof, /sbin/fdisk -l *, /sbin/sfdisk -d *
-Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate
-Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats
-Cmnd_Alias PCAPTURE = /usr/bin/tcpdump
-Cmnd_Alias HWINFO = /usr/bin/lspci
-Cmnd_Alias FORCE_CLUSTER = /usr/share/heartbeat/hb_takeover, \
- /usr/share/heartbeat/hb_standby
-%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, HWINFO, \
- PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \
- DMIDECODE, DISK, CONNTRACK, IP6TABLES, \
- FORCE_CLUSTER
-
-# Allow any user to run files in sudo-users
-%users ALL=NOPASSWD: /opt/vyatta/bin/sudo-users/
-
-# Allow members of group sudo to execute any command
-%sudo ALL=NOPASSWD: ALL
- |