summaryrefslogtreecommitdiff
path: root/debian/vyos-1x.postinst
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-08-28 21:24:14 +0200
committerChristian Breunig <christian@breunig.cc>2023-08-28 21:24:14 +0200
commit469267b21944e2469b0faf0bc1b54dad15b1bbcc (patch)
treeae7a418fcf8dc28be497e423d1376241f1495d33 /debian/vyos-1x.postinst
parent710b928d6d992a8c6b5b123fca75979b3b47e457 (diff)
downloadvyos-1x-469267b21944e2469b0faf0bc1b54dad15b1bbcc.tar.gz
vyos-1x-469267b21944e2469b0faf0bc1b54dad15b1bbcc.zip
Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group first
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r--debian/vyos-1x.postinst10
1 files changed, 5 insertions, 5 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index f3dc00b46..b0aefed33 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -29,6 +29,11 @@ do
sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file
done
+# Both RADIUS and TACACS users belong to aaa group - this must be added first
+if ! grep -q '^aaa' /etc/group; then
+ addgroup --firstgid 1000 --quiet aaa
+fi
+
# Remove TACACS user added by base package - we use our own UID range and group
# assignments - see below
if grep -q '^tacacs' /etc/passwd; then
@@ -74,11 +79,6 @@ if ! grep -q '^tacacs' /etc/passwd; then
done 2>&1 | grep -v 'User tacacs${level} already exists'
fi
-
-if ! grep -q '^aaa' /etc/group; then
- addgroup --firstgid 1000 --quiet aaa
-fi
-
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then
adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \