summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@baturin.org>2017-09-08 04:41:48 +0200
committerDaniil Baturin <daniil@baturin.org>2017-09-08 04:41:48 +0200
commit79f1f5a884fe7c24785ef9e6a0fb206d873663b7 (patch)
tree582e5f34f076d6a24e7184b70fc45db40af5bc11
parent8a4aeb2df4f7f1c217834865ca297495057a82bc (diff)
downloadvyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.tar.gz
vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.zip
Automatically wrap all script calls in generated templates into sudo sh -c
shemminger once said we already overuse sudo and advocated using capabilities instead, but I think the union of all privilege sets needed equals the root privileges, and in practice admin level users need sudo anyway.
-rwxr-xr-xscripts/build-command-templates2
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/build-command-templates b/scripts/build-command-templates
index 17442bfcb..3ed205c07 100755
--- a/scripts/build-command-templates
+++ b/scripts/build-command-templates
@@ -129,7 +129,7 @@ def make_node_def(props):
node_def += "val_help: {0}; {1}\n".format(v[0], v[1])
if "owner" in props:
- node_def += "end: {0}\n".format(props["owner"])
+ node_def += "end: sudo sh -c \"{0}\"\n".format(props["owner"])
return node_def