From 04a54264cfc1041eb9ae238ccafab7f0e4be4a75 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang <ancheng@vyatta.com>
Date: Fri, 7 Dec 2007 18:19:48 -0800
Subject: add policy mechanism for user management: per-level policies control
 default restricted mode and allowed op/cfg/pipe commands.

---
 etc/shell/level/admin/restricted-mode |  1 +
 etc/shell/level/users/allowed-cfg     |  0
 etc/shell/level/users/allowed-op      |  3 +++
 etc/shell/level/users/allowed-pipe    | 10 ++++++++++
 etc/shell/level/users/restricted-mode |  1 +
 5 files changed, 15 insertions(+)
 create mode 100644 etc/shell/level/admin/restricted-mode
 create mode 100644 etc/shell/level/users/allowed-cfg
 create mode 100644 etc/shell/level/users/allowed-op
 create mode 100644 etc/shell/level/users/allowed-pipe
 create mode 100644 etc/shell/level/users/restricted-mode

(limited to 'etc/shell/level')

diff --git a/etc/shell/level/admin/restricted-mode b/etc/shell/level/admin/restricted-mode
new file mode 100644
index 0000000..53752db
--- /dev/null
+++ b/etc/shell/level/admin/restricted-mode
@@ -0,0 +1 @@
+output
diff --git a/etc/shell/level/users/allowed-cfg b/etc/shell/level/users/allowed-cfg
new file mode 100644
index 0000000..e69de29
diff --git a/etc/shell/level/users/allowed-op b/etc/shell/level/users/allowed-op
new file mode 100644
index 0000000..a2ad52d
--- /dev/null
+++ b/etc/shell/level/users/allowed-op
@@ -0,0 +1,3 @@
+show
+terminal
+exit
diff --git a/etc/shell/level/users/allowed-pipe b/etc/shell/level/users/allowed-pipe
new file mode 100644
index 0000000..3204ef3
--- /dev/null
+++ b/etc/shell/level/users/allowed-pipe
@@ -0,0 +1,10 @@
+more
+1
+no-more
+1
+count
+1
+match
+2
+no-match
+2
diff --git a/etc/shell/level/users/restricted-mode b/etc/shell/level/users/restricted-mode
new file mode 100644
index 0000000..2877147
--- /dev/null
+++ b/etc/shell/level/users/restricted-mode
@@ -0,0 +1 @@
+full
-- 
cgit v1.2.3