From 78be5135b674d8a321b5ff2f9497652831c88157 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Mon, 4 Jan 2010 16:35:23 -0800
Subject: Don't allow operator to run show system login users

Bug 5147
This is a generic way of solving the sudo problem (for now).
---
 scripts/vyatta-sudo | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100755 scripts/vyatta-sudo

(limited to 'scripts')

diff --git a/scripts/vyatta-sudo b/scripts/vyatta-sudo
new file mode 100755
index 0000000..bb95ae5
--- /dev/null
+++ b/scripts/vyatta-sudo
@@ -0,0 +1,21 @@
+#! /usr/bin/perl
+#
+
+# Look if user is in sudo group
+use strict;
+use warnings;
+
+sub isadmin {
+    my $gid = getgrnam("sudo");
+    return unless $gid;
+
+    # is $gid in list of current groups
+    return grep { $_ eq $gid } split / /, $(;
+}
+
+die "Missing command arguement\n" unless @ARGV;
+
+exec ('sudo', @ARGV ) if (isadmin());
+
+print "This account is not authorized to run this command\n";
+exit 1;
-- 
cgit v1.2.3