author | Christian Breunig <christian@breunig.cc> | 2024-01-09 07:32:41 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-10 07:11:39 +0000 |
commit | 1f236a3ca73164a6f861a99113bf844ec9b99b06 (patch) | |
tree | ac710f5ee08eb5f05be8561feb51c86547d37d44 | |
parent | 31c816bd5301c9ebf7aa4774484a263290af930a (diff) | |
boot-config-loader: T1622: add missing groups to failsafe user
This extends commit 86d1291ec5 ("[boot-config-loader] T1622: Add failsafe
and back trace") and adds missing groups to the vyos user. Without this
change the vyos user will only have operator (vyos@vyos>) privileges,
even if this level is discontinued.
One could hack himself up as the user has sudo rights, but rather place
the user in the right groups from the beginning.
NOTE: This user is only added if the system is booted with "vyos-config-debug" and
an error occurs such that the configuration cannot be loaded at all.
(cherry picked from commit 07e802a2d3f98cdf29928bf321cc8b89cb41766c)
-rwxr-xr-x | src/helpers/vyos-boot-config-loader.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/helpers/vyos-boot-config-loader.py b/src/helpers/vyos-boot-config-loader.py
index 01b06526d..42de696ce 100755
--- a/src/helpers/vyos-boot-config-loader.py
+++ b/src/helpers/vyos-boot-config-loader.py
@@ -102,7 +102,8 @@ def failsafe(config_file_name):
 'authentication', 'encrypted-password'])
- cmd(f"useradd -s /bin/bash -G 'users,sudo' -m -N -p '{passwd}' vyos")
+ cmd(f"useradd --create-home --no-user-group --shell /bin/vbash --password '{passwd}' "\
+ "--groups frr,frrvty,vyattacfg,sudo,adm,dip,disk vyos")
 if __name__ == '__main__':
 if len(sys.argv) < 2: |
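Review bot: The new `useradd` call still splices `passwd` into the command string inside single quotes, so a value read from the configuration being recovered that contains a `'` would end the quoting if `cmd()` hands the string to a shell (its implementation is not visible here). Quoting it explicitly is safer: `--password {shlex.quote(passwd)}` in place of `--password '{passwd}'`, with `import shlex` added at the top of the file if it is not already imported. The hash is also visible in the process list while `useradd` runs, which useradd(8) itself cautions about; feeding it through `chpasswd -e` on stdin after creating the account would avoid that. `failsafe()` starts above the hunk, so whether `passwd` is checked for being empty or malformed before this line cannot be seen from here.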