From b5bb8c35539d1b108e988d39153abc813c326b0f Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 26 Jan 2010 17:50:33 -0800 Subject: Add additional check that new user doesn't exist in NSS If user exists in NSS (LDAP, TACACS+) but not on local machine, then it can not be changed with CLI. useradd will fail (user exists), and usermod will fail (can't find user in passwd file). Bug 5249 --- templates/system/login/user/node.def | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'templates/system/login') diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def index 89e10a9c..751767d6 100644 --- a/templates/system/login/user/node.def +++ b/templates/system/login/user/node.def @@ -5,11 +5,7 @@ help: Set user account information syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" ; "invalid user name $VAR(@)" -# System accounts should not be listed in vyatta configuration -syntax:expression: exec "\ - uid=$(getent passwd $VAR(@) | awk -F: '{print $3}'); \ - [ -z \"$uid\" ] || [ $uid -eq 0 -o $uid -ge 1000 ]" \ - ; "user name \"$VAR(@)\" is reserved for internal usage" +syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)" commit:expression: $VAR(authentication/encrypted-password) != "" || ($VAR(authentication/plaintext-password) != "" -- cgit v1.2.3