From 0225aa7954236999d2ce110093378880ba7b65f4 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Tue, 26 Feb 2008 13:05:40 -0800 Subject: Fix 2877: Bridge group can not be assiged to vif sub interfaceZ --- .../node.tag/vif/node.tag/bridge-group/bridge/node.def | 9 ++++----- .../node.tag/vif/node.tag/bridge-group/cost/node.def | 4 ++-- .../ethernet/node.tag/vif/node.tag/bridge-group/node.def | 13 +++++++++++++ .../node.tag/vif/node.tag/bridge-group/priority/node.def | 4 ++-- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def index fffa0eeb..9c65ff16 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/bridge/node.def @@ -1,12 +1,11 @@ type: txt help: Add this interface to a bridge-group -syntax:expression: exec " \ - if [ -z \"`sudo brctl show | grep $VAR(@) `\" ]; then \ +syntax:expression: exec " \ + if [ -z \"`sudo brctl show | grep $VAR(@) `\" ]; then \ echo bridge interface $VAR(@) doesn\\'t exist on this system ; \ - exit 1 ; \ + exit 1 ; \ fi ; " -update:expression: "sudo brctl addif $VAR(@) $VAR(../../../../@).$VAR(../../@)" -delete:expression: "sudo brctl delif $VAR(@) $VAR(../../../../@).$VAR(../../@)" +delete:expression: "sudo brctl delif $VAR(@) $VAR(../../../@).$VAR(../../@)" allowed: local -a array ; array=( /sys/class/net/br* ) ; echo -n ${array[@]##*/} diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def index f3ae520f..ef2d9940 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/cost/node.def 
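Review bot: The `syntax:expression` check in bridge/node.def expands the `txt` value unquoted into a shell pipeline (`grep $VAR(@)`), and the same value then reaches `sudo brctl delif`, so nothing constrains it to a bridge name before privileged commands run. `grep` also matches substrings anywhere in the `brctl show` output, so a partial name or the name of an enslaved port passes the existence check. I would validate the shape first, e.g. `syntax:expression: pattern $VAR(@) "^br[0-9]+$" ; "bridge name must be brN"`, and replace the grep with a `[ -d /sys/class/net/$VAR(@)/bridge ]` test. The pattern is inferred from the `br*` glob on the `allowed:` line and should be confirmed against the names the bridge template accepts.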
@@ -1,4 +1,4 @@
 type: u32
 help: Set the path cost for this port
-commit:expression: $VAR(../bridge/) != ""; "Must configure bridge interface"
-update:expression: "sudo brctl setpathcost $VAR(../../@) $VAR(@)"
+comp_help: possible completions:
+ <0-2147483647> Set port cost
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
index fd392431..af1c0e85 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
@@ -1,2 +1,15 @@
 help: Add this interface to a bridge group
 commit:expression: $VAR(./bridge/) != ""; "Must set the bridge interface"
+create:expression: "sudo brctl addif $VAR(./bridge/@) $VAR(../../@).$VAR(../@)"
+delete:expression: "touch /tmp/eth-$VAR(../@)-bridge.$PPID"
+end:expression: "\
+ if [ -f \"/tmp/eth-$VAR(../@)-bridge.$PPID\" ]; then \
+ rm -f /tmp/eth-$VAR(../@)-bridge.$PPID; \
+ else \
+ if [ -n \"$VAR(./cost/@)\" ]; then \
+ sudo brctl setpathcost $VAR(./bridge/@) $VAR(../../@).$VAR(../@) $VAR(./cost/@); \
+ fi; \
+ if [ -n \"$VAR(./priority/@)\" ]; then \
+ sudo brctl setportprio $VAR(./bridge/@) $VAR(../../@).$VAR(../@) $VAR(./priority/@); \
+ fi; \
+ fi; "
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def
index 12200b72..8688c394 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/priority/node.def
@@ -1,4 +1,4 @@
 type: u32
 help: Set the path priority for this port
-commit:expression: $VAR(../bridge/) != ""; "Must configure bridge interface"
-update:expression: "sudo brctl setportprio $VAR(../../@) $VAR(@)"
+comp_help: possible completions:
+ <0-255> Set port priority
-- cgit v1.2.3
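Review bot: The range shown in `comp_help` (`<0-2147483647>`) in cost/node.def is only completion text; with `type: u32` and no `syntax:expression`, any 32-bit value is accepted and later handed to `sudo brctl setpathcost` by the `end:expression` in bridge-group/node.def. The same applies to the priority/node.def hunk and its `<0-255>` range. A check such as `syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Priority must be between 0 and 255"`, with the corresponding bound for cost, would reject out-of-range values when they are set instead of leaving that to brctl.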
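Review bot: The delete/end handshake in bridge-group/node.def relies on a flag file with a predictable name in world-writable `/tmp` (`/tmp/eth-$VAR(../@)-bridge.$PPID`), so a file or symlink already present at that path makes the `end:expression` take the `rm -f` branch and silently skip `setpathcost` and `setportprio`, and `touch` follows a symlink placed there. The name carries only the vif id and not the parent interface, so vifs with the same id on different ethernet ports handled in one commit share a flag. I would keep the flag in a directory that only the configuration session can write to and include both components, e.g. `touch <session-private-dir>/eth-$VAR(../../@).$VAR(../@)-bridge.$PPID` (the directory is a placeholder), using the same path in the `-f` test and the `rm -f`. The cost and priority values are also expanded unquoted into the `sudo brctl` lines, which relies on the leaf templates validating them.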
From 3f90953b7705a59dbb41019bd69f924541607238 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 26 Feb 2008 14:50:27 -0800 Subject: add operator and admin to linux group adm Add operator to group adm to allow reading log files without sudo. This group is used allow reading files in /var/log so the operational mode show log commands don't need sudo. --- scripts/system/vyatta_update_login_user.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/system/vyatta_update_login_user.pl b/scripts/system/vyatta_update_login_user.pl index a059c227..0b847ff7 100755 --- a/scripts/system/vyatta_update_login_user.pl +++ b/scripts/system/vyatta_update_login_user.pl @@ -137,8 +137,8 @@ if ($user eq "-d") { } my %level_map = ( - 'admin' => [ 'users', 'quaggavty', 'vyattacfg', 'sudo', ], - 'operator' => [ 'users', 'quaggavty', ], + 'admin' => [ 'users', 'quaggavty', 'vyattacfg', 'sudo', 'adm', ], + 'operator' => [ 'users', 'quaggavty', 'adm', ], ); exit 4 if (!defined($user) || !defined($full) || !defined($encrypted) || !defined($level)); -- cgit v1.2.3 From b8300c77e22acb1569e15a4977be20ef3a7d5cfe Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 26 Feb 2008 16:25:06 -0800 Subject: add option to disable root login over ssh See: https://bugzilla.vyatta.com/show_bug.cgi?id=2798 and https://bugzilla.vyatta.com/show_bug.cgi?id=2806 --- templates/service/ssh/root-allowed/node.def | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 templates/service/ssh/root-allowed/node.def diff --git a/templates/service/ssh/root-allowed/node.def b/templates/service/ssh/root-allowed/node.def new file mode 100644 index 00000000..8c5a6fd9 --- /dev/null +++ b/templates/service/ssh/root-allowed/node.def 
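Review bot: Adding `'adm'` to the `operator` entry of `%level_map` gives every operator-level account read access to all files readable by group adm, which is broader than the `show log` commands the commit message cites; on typical systems that group can also read authentication logs. Nothing in the hunk records why the group is there, so I would add a comment above the map, `# 'adm': read access to /var/log so operational "show log" works without sudo`, and confirm which log files are adm-readable on the image. Whether accounts created before this change pick up the new group is not visible here, since the code that consumes `%level_map` is outside the hunk.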
@@ -0,0 +1,19 @@
+type: bool
+help: Allow root login over ssh
+default: false
+help: Enable/disable root login
+update: if [ \"$VAR(@)\" == \"true\" ]; then
+ sudo ed - /etc/ssh/sshd_config <<-"EOF"
+ /^PermitRootLogin/s/no/yes/
+ wq
+ EOF
+ else
+ sudo ed - /etc/ssh/sshd_config <<-"EOF"
+ /^PermitRootLogin/s/yes/no/
+ wq
+ EOF
+ fi
+delete: sudo ed - /etc/ssh/sshd_config <<-"EOF"
+ /^PermitRootLogin/s/yes/no/
+ wq
+ EOF
-- cgit v1.2.3
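Review bot: The `ed` edits in `update:` and `delete:` only succeed when sshd_config already holds an uncommented `PermitRootLogin yes` or `PermitRootLogin no` line; if the directive is commented out, absent, or set to another value such as `without-password`, the substitution does not match and the file stays as it was while the configuration shows `root-allowed false`. Rewriting the whole directive, `/^PermitRootLogin/s/.*/PermitRootLogin no/` (and `... yes` in the true branch), and failing the commit when `ed` exits non-zero would avoid that fail-open state. Nothing visible in this hunk reloads sshd, so the running daemon would presumably keep its old setting until it is restarted. `help:` is also given twice in the template; one of the two lines should go.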