summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/vyatta-cfg-system.postinst.in7
-rwxr-xr-xlib/Vyatta/Login/User.pm14
2 files changed, 21 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index a44fe657..1a9f0bd5 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -166,6 +166,13 @@ cp -f /opt/vyatta/etc/syslog.conf /etc/syslog.conf
# this logs unnecessary messages trying to start ddclient
rm -f /etc/ppp/ip-up.d/ddclient
+# set up protected users override file (if necessary)
+PU_FILE=/opt/vyatta/etc/protected-users
+if [ ! -r "$PU_FILE" ]; then
+ touch $PU_FILE
+ chmod 644 $PU_FILE
+fi
+
# Local Variables:
# mode: shell-script
# sh-indentation: 4
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index a94b8d08..f5e8337f 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -60,14 +60,28 @@ sub get_groups {
return \%group_map;
}
+# protected users override file
+my $protected_override = '/opt/vyatta/etc/protected-users';
+
# make list of vyatta users (ie. users of vbash)
sub _vyatta_users {
my @vusers;
+ my %protected_override = ();
+ my $pfd;
+ if (open($pfd, '<', "$protected_override")) {
+ while (<$pfd>) {
+ next if (!defined($_));
+ chomp;
+ $protected_override{$_} = 1;
+ }
+ close($pfd);
+ }
setpwent();
# ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
# = getpw*
while ( my ($name, undef, undef, undef, undef, undef,
undef, undef, $shell) = getpwent() ) {
+ next if (defined($protected_override{$name}));
push @vusers, $name if ($shell eq '/bin/vbash');
}
endpwent();