diff options
author | Daniil Baturin <daniil@baturin.org> | 2017-09-08 04:41:48 +0200 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2017-09-08 04:41:48 +0200 |
commit | 79f1f5a884fe7c24785ef9e6a0fb206d873663b7 (patch) | |
tree | 582e5f34f076d6a24e7184b70fc45db40af5bc11 | |
parent | 8a4aeb2df4f7f1c217834865ca297495057a82bc (diff) | |
download | vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.tar.gz vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.zip |
Automatically wrap all script calls in generated templates into sudo sh -c
shemminger once said we already overuse sudo and advocated using capabilities
instead, but I think the union of all privilege sets needed equals the root
privileges, and in practice admin level users need sudo anyway.
-rwxr-xr-x | scripts/build-command-templates | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/build-command-templates b/scripts/build-command-templates index 17442bfcb..3ed205c07 100755 --- a/scripts/build-command-templates +++ b/scripts/build-command-templates @@ -129,7 +129,7 @@ def make_node_def(props): node_def += "val_help: {0}; {1}\n".format(v[0], v[1]) if "owner" in props: - node_def += "end: {0}\n".format(props["owner"]) + node_def += "end: sudo sh -c \"{0}\"\n".format(props["owner"]) return node_def |