diff options
author | Christian Breunig <christian@breunig.cc> | 2023-08-28 21:24:14 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-08-28 21:24:14 +0200 |
commit | 469267b21944e2469b0faf0bc1b54dad15b1bbcc (patch) | |
tree | ae7a418fcf8dc28be497e423d1376241f1495d33 /debian/vyos-1x.postinst | |
parent | 710b928d6d992a8c6b5b123fca75979b3b47e457 (diff) | |
download | vyos-1x-469267b21944e2469b0faf0bc1b54dad15b1bbcc.tar.gz vyos-1x-469267b21944e2469b0faf0bc1b54dad15b1bbcc.zip |
Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group first
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r-- | debian/vyos-1x.postinst | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index f3dc00b46..b0aefed33 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -29,6 +29,11 @@ do sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file done +# Both RADIUS and TACACS users belong to aaa group - this must be added first +if ! grep -q '^aaa' /etc/group; then + addgroup --firstgid 1000 --quiet aaa +fi + # Remove TACACS user added by base package - we use our own UID range and group # assignments - see below if grep -q '^tacacs' /etc/passwd; then @@ -74,11 +79,6 @@ if ! grep -q '^tacacs' /etc/passwd; then done 2>&1 | grep -v 'User tacacs${level} already exists' fi - -if ! grep -q '^aaa' /etc/group; then - addgroup --firstgid 1000 --quiet aaa -fi - # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ |