From 4dbba52a5b7e97d55ea7c4f957f594204350b9b2 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Tue, 4 Dec 2007 18:53:56 -0800
Subject: * restrict "users" level sudo permissions to the "sudo-users" directory. * add wrappers for show commands requiring sudo and put them in "sudo-users" directory.
---
 templates/show/interfaces/ethernet/node.tag/physical/node.def | 2 +-
 .../interfaces/ethernet/node.tag/vif/node.tag/physical/node.def | 2 +-
 templates/show/log/all/node.def | 2 +-
 templates/show/log/file/node.tag/node.def | 6 +-----
 templates/show/log/node.def | 2 +-
 5 files changed, 5 insertions(+), 9 deletions(-)
(limited to 'templates')
diff --git a/templates/show/interfaces/ethernet/node.tag/physical/node.def b/templates/show/interfaces/ethernet/node.tag/physical/node.def
index 0d4dcf1..3e4e2bc 100644
--- a/templates/show/interfaces/ethernet/node.tag/physical/node.def
+++ b/templates/show/interfaces/ethernet/node.tag/physical/node.def
@@ -1,3 +1,3 @@
 help: Show physical device information of given ethernet interface
 allowed: ""
-run: sudo ethtool $4
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-ethtool-wrapper $4
diff --git a/templates/show/interfaces/ethernet/node.tag/vif/node.tag/physical/node.def b/templates/show/interfaces/ethernet/node.tag/vif/node.tag/physical/node.def
index 96cd2a5..d2e8593 100644
--- a/templates/show/interfaces/ethernet/node.tag/vif/node.tag/physical/node.def
+++ b/templates/show/interfaces/ethernet/node.tag/vif/node.tag/physical/node.def
@@ -1,2 +1,2 @@
 help: Show given virtual network interface pseudo-physical information
-run: sudo ethtool $4.$6
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-ethtool-wrapper $4.$6
diff --git a/templates/show/log/all/node.def b/templates/show/log/all/node.def
index 87e959b..26f97a3 100644
--- a/templates/show/log/all/node.def
+++ b/templates/show/log/all/node.def
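Review bot: In templates/show/interfaces/ethernet/node.tag/physical/node.def the user-typed interface name is expanded unquoted into a command that now runs a wrapper under sudo, so a value containing whitespace or beginning with `-` would reach `vyatta-ethtool-wrapper` as extra words or options. The vif template has the same pattern with `$4.$6`. Assuming `run:` lines are evaluated by the shell, as the `if [ -f ... ]` form removed from the log/file template suggests, I would write `run: sudo ${vyatta_bindir}/sudo-users/vyatta-ethtool-wrapper "$4"` and `... "$4.$6"`. The wrapper itself is not in this diff (limited to 'templates'); it should accept exactly one argument and confirm it names an existing interface before calling ethtool, since it is now the only check that runs with root privileges.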
@@ -1,2 +1,2 @@
 help: Show contents of all master log files
-run: ${vyatta_bindir}/vyatta-show-log-all
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-log-all
diff --git a/templates/show/log/file/node.tag/node.def b/templates/show/log/file/node.tag/node.def
index 443458a..65700df 100644
--- a/templates/show/log/file/node.tag/node.def
+++ b/templates/show/log/file/node.tag/node.def
@@ -2,8 +2,4 @@ help: Show contents of user-defined log file
 allowed: local -a array ;
 array=( /var/log/user/* ) ;
 echo -n ${array[@]##*/}
-run: if [ -f /var/log/user/$4 ]; then
- cat /var/log/user/$4;
- else
- echo "no such file";
- fi
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-log-file $4
diff --git a/templates/show/log/node.def b/templates/show/log/node.def
index 898a7ed..2362962 100644
--- a/templates/show/log/node.def
+++ b/templates/show/log/node.def
@@ -1,2 +1,2 @@
 help: Show contents of current master log file
-run: cat /var/log/messages
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-log
-- 
cgit v1.2.3
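Review bot: In templates/show/log/file/node.tag/node.def the removed `run:` read `/var/log/user/$4` with the caller's own permissions, whereas the new line hands `$4` to `vyatta-show-log-file` under sudo, so confinement to /var/log/user now rests entirely on that wrapper. The wrapper is not part of this diff (limited to 'templates'), so this cannot be confirmed from here. It should reject any name that contains `/` or is `..`, require the target to be a regular file directly under /var/log/user rather than a symlink, and keep the existing "no such file" message. On the template side I would quote the argument, `run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-log-file "$4"`, so the wrapper always receives the name as a single word.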