authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-04 16:35:23 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-04 16:48:57 -0800
commit78be5135b674d8a321b5ff2f9497652831c88157 (patch)
tree649b62e6f55dca5ca8f5d0dd35bd95777173dc17 /scripts
parentfda8e26509b6b4ddf1b0103b6f9af65d306da360 (diff)
Don't allow operator to run show system login users
Bug 5147: This is a generic way of solving the sudo problem (for now).
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/vyatta-sudo21
1 files changed, 21 insertions, 0 deletions
diff --git a/scripts/vyatta-sudo b/scripts/vyatta-sudo
new file mode 100755
index 0000000..bb95ae5
--- /dev/null
+++ b/scripts/vyatta-sudo
@@ -0,0 +1,21 @@
+#! /usr/bin/perl
+#
+
+# Look if user is in sudo group
+use strict;
+use warnings;
+
+sub isadmin {
+ my $gid = getgrnam("sudo");
+ return unless $gid;
+
+ # is $gid in list of current groups
+ return grep { $_ eq $gid } split / /, $(;
+}
+
+die "Missing command arguement\n" unless @ARGV;
+
+exec ('sudo', @ARGV ) if (isadmin());
+
+print "This account is not authorized to run this command\n";
+exit 1;
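Review bot: If the `exec` on the `isadmin()` line fails (sudo missing or not executable), control falls through to the final `print` and an admin is told the account is not authorized, which hides the real error. Wrapping the call as `if (isadmin()) { exec('sudo', @ARGV); die "Cannot exec sudo: $!\n"; }` reports the actual failure instead. The group test in `isadmin` only reads the caller's own `$(`, and as far as this hunk shows the script runs with the caller's privileges, so it gives a friendlier refusal rather than enforcing anything. A header comment such as `# Advisory check only: sudoers remains the authority on who may run what` would stop later readers from treating it as the access control. `'sudo'` is also resolved through the caller's PATH, so an absolute path would pin which binary is run.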