add sudo back to save command, and add check to save script that validates vyatta config token at end of file. this will prevent the

accidental overwrite of non vyatta config files. check on prevent existing files that don't contain ' === vyatta-config-version:'
from being saved to.

2 files changed, 10 insertions, 1 deletions

diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg
index 6f1f54d..5f7896d 100755
--- a/etc/bash_completion.d/20vyatta-cfg
+++ b/etc/bash_completion.d/20vyatta-cfg
@@ -70,7 +70,7 @@ show ()
 
 save ()
 {
-  eval "umask 0002 ; ${vyatta_sbindir}/vyatta-save-config.pl $@"
+  eval "sudo sg vyattacfg \"umask 0002 ; ${vyatta_sbindir}/vyatta-save-config.pl $@\""
 }
 
 discard ()
diff --git a/scripts/vyatta-save-config.pl b/scripts/vyatta-save-config.pl
index 79cda88..e8220c0 100755
--- a/scripts/vyatta-save-config.pl
+++ b/scripts/vyatta-save-config.pl
@@ -68,6 +68,15 @@ print "Saving configuration to '$save_file'...\n";
 
 my $save;
 if ($mode eq 'local') {
+    # first check if this file exists, and if so ensure this is a config file.
+    if (-e $save_file) {
+	my $result = `grep ' === vyatta-config-version:' $save_file`;
+	if (!defined $result || length($result) == 0) {
+	    print "File exists and is not a Vyatta configuration file, aborting save!\n";
+	    exit 1;
+	}
+    }
+
     # this overwrites the file if it exists. we could create a backup first.
     open $save, '>', $save_file
 	or die "Can not open file '$save_file': $!\n";