authorChristian Breunig <christian@breunig.cc>2024-01-09 07:32:41 +0100
committerChristian Breunig <christian@breunig.cc>2024-01-09 07:34:25 +0100
commit07e802a2d3f98cdf29928bf321cc8b89cb41766c (patch)
treecff914f134f7e71e9c1cce570e4a8e0320e95877
parentfc6926fdf32a7bdf9f943c7818ee6ea4a8131fba (diff)
downloadvyos-1x-07e802a2d3f98cdf29928bf321cc8b89cb41766c.tar.gz
vyos-1x-07e802a2d3f98cdf29928bf321cc8b89cb41766c.zip
boot-config-loader: T1622: add missing groups to failsafe user
This extends commit 86d1291ec5 ("[boot-config-loader] T1622: Add failsafe and back trace") and adds missing groups to the vyos user. Without this change the vyos user will only have operator (vyos@vyos>) privileges, even though this level is discontinued. One could work around this, as the user has sudo rights, but it is better to place the user in the right groups from the beginning. NOTE: This user is only added if the system is booted with "vyos-config-debug" and an error occurs because the configuration cannot be loaded at all.
-rwxr-xr-xsrc/helpers/vyos-boot-config-loader.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/helpers/vyos-boot-config-loader.py b/src/helpers/vyos-boot-config-loader.py
index 01b06526d..42de696ce 100755
--- a/src/helpers/vyos-boot-config-loader.py
+++ b/src/helpers/vyos-boot-config-loader.py
@@ -102,7 +102,8 @@ def failsafe(config_file_name):
'authentication',
'encrypted-password'])
- cmd(f"useradd -s /bin/bash -G 'users,sudo' -m -N -p '{passwd}' vyos")
+ cmd(f"useradd --create-home --no-user-group --shell /bin/vbash --password '{passwd}' "\
+ "--groups frr,frrvty,vyattacfg,sudo,adm,dip,disk vyos")
if __name__ == '__main__':
if len(sys.argv) < 2:
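Review bot: The rewritten `useradd` call still interpolates `passwd` into the command string between hand-written single quotes, so a value containing `'` would end the quoting and alter the command, assuming `cmd()` hands the string to a shell (its definition is outside the hunk). The value appears to be read from the `encrypted-password` node of the config file that could not be loaded on this path, so it should be quoted rather than trusted: `--password {shlex.quote(passwd)}`, with `import shlex` added at the top of the file. A comment above the call would also help, noting that the failsafe account lands in `sudo` and `disk` (effectively root-equivalent) and that the hash is visible in the process arguments while `useradd` runs. The body of `failsafe()` starts before this hunk, so how `passwd` is validated beforehand cannot be seen here.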