author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-10-14 17:54:43 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-10-14 17:54:43 +0000 |
commit | 372ccffe5bd1a9f44e18ae796b6f10b9ba5e95c8 (patch) | |
tree | 110f6a9f99ec7b8ca0f72394a4a3e6a35e76ff45 | |
parent | 427ea592ae8d92d29aca245683832b5bd75b643d (diff) | |
T4533: Allow basic permissions to unprivileged RADIUS users
Unprivileged RADIUS users cannot do simple diagnostics like ping
or traceroute. Allow them such tools.
Ability to execute op-mode commands for them.
It is not a new 'operator mode' feature, but it allows RADIUS users
to execute op-mode commands
-rw-r--r-- | src/etc/sudoers.d/vyos | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/etc/sudoers.d/vyos b/src/etc/sudoers.d/vyos index f760b417f..e0fd8cb0b 100644 --- a/src/etc/sudoers.d/vyos +++ b/src/etc/sudoers.d/vyos @@ -40,10 +40,13 @@ Cmnd_Alias PCAPTURE = /usr/bin/tcpdump Cmnd_Alias HWINFO = /usr/bin/lspci Cmnd_Alias FORCE_CLUSTER = /usr/share/heartbeat/hb_takeover, \ /usr/share/heartbeat/hb_standby +Cmnd_Alias DIAGNOSTICS = /bin/ip vrf exec * /bin/ping *, \ + /bin/ip vrf exec * /bin/traceroute *, \ + /usr/libexec/vyos/op_mode/* %operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, HWINFO, \ PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \ DMIDECODE, DISK, CONNTRACK, IP6TABLES, \ - FORCE_CLUSTER + FORCE_CLUSTER, DIAGNOSTICS # Allow any user to run files in sudo-users %users ALL=NOPASSWD: /opt/vyatta/bin/sudo-users/ |
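Review bot: In the new `DIAGNOSTICS` alias, the `*` in `/bin/ip vrf exec * /bin/ping *` does not stand for a single VRF name. sudoers matches command-line arguments as one concatenated string, so a wildcard matches across word boundaries, and the rule therefore does not pin the program that `ip vrf exec` launches to ping or traceroute; it only requires that ` /bin/ping ` or ` /bin/traceroute ` appear somewhere in the arguments. Since this is granted to `%operator` with `NOPASSWD`, I would replace the two wildcard entries with a small root-owned wrapper that validates the VRF name and the target and then calls ping or traceroute by fixed path, and allow only that wrapper in sudoers. The third entry, `/usr/libexec/vyos/op_mode/*`, allows every script directly in that directory with arbitrary arguments, which is wider than the "ping or traceroute" stated in the commit message; please list the specific op-mode scripts that unprivileged RADIUS users need, or document why the whole directory is considered safe to run as root. Adding `DIAGNOSTICS` to the existing `%operator` line also extends the grant to every member of that group, not only RADIUS users, which deserves a comment in the file.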