Automatically wrap all script calls in generated templates into sudo sh -c

shemminger once said we already overuse sudo and advocated using capabilities instead, but I think the union of all privilege sets needed equals the root privileges, and in practice admin level users need sudo anyway.
author: Daniil Baturin <daniil@baturin.org> 2017-09-08 04:41:48 +0200
committer: Daniil Baturin <daniil@baturin.org> 2017-09-08 04:41:48 +0200
commit: 79f1f5a884fe7c24785ef9e6a0fb206d873663b7 (patch)
tree: 582e5f34f076d6a24e7184b70fc45db40af5bc11 /scripts/build-command-templates
parent: 8a4aeb2df4f7f1c217834865ca297495057a82bc (diff)
download: vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.tar.gz
vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/build-command-templates b/scripts/build-command-templates
index 17442bfcb..3ed205c07 100755
--- a/scripts/build-command-templates
+++ b/scripts/build-command-templates
@@ -129,7 +129,7 @@ def make_node_def(props):
             node_def += "val_help: {0}; {1}\n".format(v[0], v[1])
 
     if "owner" in props:
-        node_def += "end: {0}\n".format(props["owner"])
+        node_def += "end: sudo sh -c \"{0}\"\n".format(props["owner"])
 
     return node_def
author	Daniil Baturin <daniil@baturin.org>	2017-09-08 04:41:48 +0200
committer	Daniil Baturin <daniil@baturin.org>	2017-09-08 04:41:48 +0200
commit	79f1f5a884fe7c24785ef9e6a0fb206d873663b7 (patch)
tree	582e5f34f076d6a24e7184b70fc45db40af5bc11 /scripts/build-command-templates
parent	8a4aeb2df4f7f1c217834865ca297495057a82bc (diff)
download	vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.tar.gz vyos-1x-79f1f5a884fe7c24785ef9e6a0fb206d873663b7.zip