summaryrefslogtreecommitdiff
path: root/debian/vyos-1x.postinst
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-08-28 21:46:23 +0200
committerChristian Breunig <christian@breunig.cc>2023-08-28 21:46:23 +0200
commit30390ac4b8e631bebad9082c75615cb147263c2e (patch)
tree1efb532dfc695a5557375bb800fdc9117c0f7d8b /debian/vyos-1x.postinst
parent469267b21944e2469b0faf0bc1b54dad15b1bbcc (diff)
downloadvyos-1x-30390ac4b8e631bebad9082c75615cb147263c2e.tar.gz
vyos-1x-30390ac4b8e631bebad9082c75615cb147263c2e.zip
Debian: T5521: place AAA users in users group (besides aaa group)
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r--debian/vyos-1x.postinst10
1 files changed, 6 insertions, 4 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index b0aefed33..f262cbfa2 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -58,9 +58,11 @@ if ! grep -q '^tacacs' /etc/passwd; then
level=0
vyos_group=vyattaop
while [ $level -lt 16 ]; do
- adduser --quiet --system --firstuid 900 --disabled-login --ingroup ${vyos_group} \
- --no-create-home --gecos "TACACS+ mapped user at privilege level ${level}" \
+ adduser --quiet --system --firstuid 900 --disabled-login --ingroup users \
+ --home /home/tacacs${level} --gecos "TACACS+ mapped user at privilege level ${level}" \
--shell /bin/vbash tacacs${level}
+ # fix home permission - onl required b/c of system user
+ chmod 700 /home/tacacs${level}
adduser --quiet tacacs${level} frrvty
adduser --quiet tacacs${level} adm
adduser --quiet tacacs${level} dip
@@ -81,7 +83,7 @@ fi
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then
- adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
+ adduser --quiet --firstuid 1000 --disabled-login --ingroup users \
--no-create-home --gecos "RADIUS mapped user at privilege level operator" \
--shell /sbin/radius_shell radius_user
adduser --quiet radius_user frrvty
@@ -95,7 +97,7 @@ fi
# Add RADIUS admin user for RADIUS authenticated users to map to
if ! grep -q '^radius_priv_user' /etc/passwd; then
- adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattacfg \
+ adduser --quiet --firstuid 1000 --disabled-login --ingroup users \
--no-create-home --gecos "RADIUS mapped user at privilege level admin" \
--shell /sbin/radius_shell radius_priv_user
adduser --quiet radius_priv_user frrvty