From 730ece6544cd2c350cac3740ef2a7db10cd37987 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud <stig@io.vyatta.com>
Date: Fri, 14 Nov 2008 12:48:29 -0800
Subject: Fix 3920: Operator level users require sudo permission for nat
 translation monitor commands

---
 debian/vyatta-cfg-system.postinst.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'debian')

diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 5bd37e29..8cc0682a 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -68,7 +68,8 @@ Cmnd_Alias DATE    = /bin/date, /usr/sbin/ntpdate
 Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats
 Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump
 %operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \
-			PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof
+			PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \
+                        /usr/bin/lsof, /usr/sbin/conntrack
 EOF
     cat <<EOF >>/etc/sudoers
 %users ALL=NOPASSWD: ${bindir}/sudo-users/
-- 
cgit v1.2.3