authorChristian Breunig <christian@breunig.cc>2024-01-09 07:32:41 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-01-10 07:11:39 +0000
commit1f236a3ca73164a6f861a99113bf844ec9b99b06 (patch)
treeac710f5ee08eb5f05be8561feb51c86547d37d44
parent31c816bd5301c9ebf7aa4774484a263290af930a (diff)
downloadvyos-1x-1f236a3ca73164a6f861a99113bf844ec9b99b06.tar.gz
vyos-1x-1f236a3ca73164a6f861a99113bf844ec9b99b06.zip
boot-config-loader: T1622: add missing groups to failsafe user
This extends commit 86d1291ec5 ("[boot-config-loader] T1622: Add failsafe and back trace") and adds missing groups to the vyos user. Without this change the vyos user will only have operator (vyos@vyos>) privileges, even if this level is discontinued. One could work around this because the user has sudo rights, but it is better to place the user in the right groups from the beginning. NOTE: This user is only added if the system is booted with "vyos-config-debug" and an error occurs such that the configuration cannot be loaded at all. (cherry picked from commit 07e802a2d3f98cdf29928bf321cc8b89cb41766c)
-rwxr-xr-xsrc/helpers/vyos-boot-config-loader.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/helpers/vyos-boot-config-loader.py b/src/helpers/vyos-boot-config-loader.py
index 01b06526d..42de696ce 100755
--- a/src/helpers/vyos-boot-config-loader.py
+++ b/src/helpers/vyos-boot-config-loader.py
@@ -102,7 +102,8 @@ def failsafe(config_file_name):
'authentication',
'encrypted-password'])
- cmd(f"useradd -s /bin/bash -G 'users,sudo' -m -N -p '{passwd}' vyos")
+ cmd(f"useradd --create-home --no-user-group --shell /bin/vbash --password '{passwd}' "\
+ "--groups frr,frrvty,vyattacfg,sudo,adm,dip,disk vyos")
if __name__ == '__main__':
if len(sys.argv) < 2:
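Review bot: The new `useradd` call on the added lines still splices `passwd` into a shell string between hand-written single quotes, so a value read from the config file that contains a `'` would end the quoting and the rest would be parsed by the shell (assuming `cmd()` runs its argument through a shell, which is not visible here). Quoting it with the standard library is safer: `--password {shlex.quote(passwd)} ` in place of `--password '{passwd}' `, with `import shlex` at the top of the file if it is not already imported. Passing the hash via `--password` also exposes it in the process list while `useradd` runs; that is low risk this early in boot, but worth a comment. A short comment above the call stating that the `sudo` and `disk` groups make this failsafe account root-equivalent, and that it is only created when booted with `vyos-config-debug`, would help later readers. The body of `failsafe()` begins before this hunk.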