From d405670716b948d5156db56e4fc4fb0af10d4fd7 Mon Sep 17 00:00:00 2001
From: John Southworth <john.southworth@vyatta.com>
Date: Tue, 2 Aug 2011 19:43:23 -0500
Subject: Add support for unambiguous top level commands for unpriviledged
 users; generate allowed-op short commands at boot time

---
 etc/init.d/vyatta-router            |  7 +++++++
 etc/shell/level/users/allowed-op    | 20 --------------------
 etc/shell/level/users/allowed-op.in | 20 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 20 deletions(-)
 delete mode 100644 etc/shell/level/users/allowed-op
 create mode 100644 etc/shell/level/users/allowed-op.in

diff --git a/etc/init.d/vyatta-router b/etc/init.d/vyatta-router
index e10f054..43c9e29 100755
--- a/etc/init.d/vyatta-router
+++ b/etc/init.d/vyatta-router
@@ -186,6 +186,12 @@ mount_slash_config ()
     fi
 }
 
+generate_unpriv_cmds ()
+{
+  source /opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-unpriv
+  vyatta_unpriv_gen_allowed
+}
+
 start ()
 {
     log_action_begin_msg "Mounting Vyatta Config"
@@ -230,6 +236,7 @@ start ()
     telinit q
     bind_mount_boot
     chmod g-w,o-w /
+    generate_unpriv_cmds 
 }
 
 stop()
diff --git a/etc/shell/level/users/allowed-op b/etc/shell/level/users/allowed-op
deleted file mode 100644
index a45a92f..0000000
--- a/etc/shell/level/users/allowed-op
+++ /dev/null
@@ -1,20 +0,0 @@
-clear
-connect
-debug
-delete
-disconnect
-exit
-force
-no
-ping
-ping6
-release
-renew
-set
-show
-telnet
-terminal
-traceroute
-traceroute6
-undebug
-update
diff --git a/etc/shell/level/users/allowed-op.in b/etc/shell/level/users/allowed-op.in
new file mode 100644
index 0000000..a45a92f
--- /dev/null
+++ b/etc/shell/level/users/allowed-op.in
@@ -0,0 +1,20 @@
+clear
+connect
+debug
+delete
+disconnect
+exit
+force
+no
+ping
+ping6
+release
+renew
+set
+show
+telnet
+terminal
+traceroute
+traceroute6
+undebug
+update
-- 
cgit v1.2.3