diff options
-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 7 | ||||
-rwxr-xr-x | lib/Vyatta/Login/User.pm | 14 |
2 files changed, 21 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index a44fe657..1a9f0bd5 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -166,6 +166,13 @@ cp -f /opt/vyatta/etc/syslog.conf /etc/syslog.conf # this logs unnecessary messages trying to start ddclient rm -f /etc/ppp/ip-up.d/ddclient +# set up protected users override file (if necessary) +PU_FILE=/opt/vyatta/etc/protected-users +if [ ! -r "$PU_FILE" ]; then + touch $PU_FILE + chmod 644 $PU_FILE +fi + # Local Variables: # mode: shell-script # sh-indentation: 4 diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index a94b8d08..f5e8337f 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -60,14 +60,28 @@ sub get_groups { return \%group_map; } +# protected users override file +my $protected_override = '/opt/vyatta/etc/protected-users'; + # make list of vyatta users (ie. users of vbash) sub _vyatta_users { my @vusers; + my %protected_override = (); + my $pfd; + if (open($pfd, '<', "$protected_override")) { + while (<$pfd>) { + next if (!defined($_)); + chomp; + $protected_override{$_} = 1; + } + close($pfd); + } setpwent(); # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire) # = getpw* while ( my ($name, undef, undef, undef, undef, undef, undef, undef, $shell) = getpwent() ) { + next if (defined($protected_override{$name})); push @vusers, $name if ($shell eq '/bin/vbash'); } endpwent(); |