authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-26 15:29:34 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-26 15:29:34 -0800
commita782154dd201e08138ab42ad881f74087bfbe7da (patch)
tree3ea4901b3cb961690525cb4a12bb0de490c21f9a /templates
parenta388acecee4bc21a1876b4be3f0181d6bb0c95e6 (diff)
Don't allow vyatta configured accounts to overlap internal accounts
Bug 5269: This prevents a user from doing something harmful, such as creating a user named quagga or cron and putting vbash on that account.
Diffstat (limited to 'templates')
-rw-r--r--templates/system/login/user/node.def12
1 files changed, 10 insertions, 2 deletions
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index d23a397f..89e10a9c 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -1,9 +1,17 @@
tag:
type: txt
help: Set user account information
+
+syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
+ ; "invalid user name $VAR(@)"
+
+# System accounts should not be listed in vyatta configuration
+syntax:expression: exec "\
+ uid=$(getent passwd $VAR(@) | awk -F: '{print $3}'); \
+ [ -z \"$uid\" ] || [ $uid -eq 0 -o $uid -ge 1000 ]" \
+ ; "user name \"$VAR(@)\" is reserved for internal usage"
+
commit:expression: $VAR(authentication/encrypted-password) != ""
|| ($VAR(authentication/plaintext-password) != ""
&& $VAR(authentication/plaintext-password/@) != "")
; "user password must be specified"
-syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
- ; "invalid user name $VAR(@)"
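Review bot: The uid test in the new exec expression, `[ $uid -eq 0 -o $uid -ge 1000 ]`, accepts every existing account whose uid is 1000 or higher, so a system account that sits above the low range is not treated as reserved; on Debian-style systems `nobody` typically has uid 65534 and would pass. Bounding the range from above (for instance against `UID_MAX` from `/etc/login.defs`) or rejecting such names explicitly would close that gap. Separately, `$VAR(@)` is interpolated unquoted into the shell command on the `getent passwd` line, so that line is safe only because the name pattern admits no shell metacharacters. It is not visible here whether a failed first `syntax:expression` stops the second from running; that should be confirmed, and a comment such as `# relies on the user-name pattern above: $VAR(@) is substituted into the shell command` would record the dependency.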