diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-01-26 15:29:34 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-01-26 15:29:34 -0800 |
commit | a782154dd201e08138ab42ad881f74087bfbe7da (patch) | |
tree | 3ea4901b3cb961690525cb4a12bb0de490c21f9a /templates/system | |
parent | a388acecee4bc21a1876b4be3f0181d6bb0c95e6 (diff) | |
download | vyatta-cfg-system-a782154dd201e08138ab42ad881f74087bfbe7da.tar.gz vyatta-cfg-system-a782154dd201e08138ab42ad881f74087bfbe7da.zip |
Don't allow vyatta configured accounts to overlap internal accounts
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
Diffstat (limited to 'templates/system')
-rw-r--r-- | templates/system/login/user/node.def | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def index d23a397f..89e10a9c 100644 --- a/templates/system/login/user/node.def +++ b/templates/system/login/user/node.def @@ -1,9 +1,17 @@ tag: type: txt help: Set user account information + +syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" + ; "invalid user name $VAR(@)" + +# System accounts should not be listed in vyatta configuration +syntax:expression: exec "\ + uid=$(getent passwd $VAR(@) | awk -F: '{print $3}'); \ + [ -z \"$uid\" ] || [ $uid -eq 0 -o $uid -ge 1000 ]" \ + ; "user name \"$VAR(@)\" is reserved for internal usage" + commit:expression: $VAR(authentication/encrypted-password) != "" || ($VAR(authentication/plaintext-password) != "" && $VAR(authentication/plaintext-password/@) != "") ; "user password must be specified" -syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" - ; "invalid user name $VAR(@)" |