diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-01-09 07:32:41 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-01-09 07:34:25 +0100 |
| commit | 07e802a2d3f98cdf29928bf321cc8b89cb41766c (patch) | |
| tree | cff914f134f7e71e9c1cce570e4a8e0320e95877 /src/helpers | |
| parent | fc6926fdf32a7bdf9f943c7818ee6ea4a8131fba (diff) | |
| download | vyos-1x-07e802a2d3f98cdf29928bf321cc8b89cb41766c.tar.gz vyos-1x-07e802a2d3f98cdf29928bf321cc8b89cb41766c.zip | |
boot-config-loader: T1622: add missing groups to failsafe user
This extends commit 86d1291ec5 ("[boot-config-loader] T1622: Add failsafe
and back trace") and adds missing groups to the vyos user. Without this
change the vyos user will only have operator (vyos@vyos>) privileges,
even if this level is discontinued.
One could hack himself up as the user has sudo rights, but rather place
the user in the right groups from the beginning.
NOTE: This user is only added if booted with "vyos-config-debug" and
an error when the configuration can not be loaded at all.
Diffstat (limited to 'src/helpers')
| -rwxr-xr-x | src/helpers/vyos-boot-config-loader.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/helpers/vyos-boot-config-loader.py b/src/helpers/vyos-boot-config-loader.py index 01b06526d..42de696ce 100755 --- a/src/helpers/vyos-boot-config-loader.py +++ b/src/helpers/vyos-boot-config-loader.py @@ -102,7 +102,8 @@ def failsafe(config_file_name): 'authentication', 'encrypted-password']) - cmd(f"useradd -s /bin/bash -G 'users,sudo' -m -N -p '{passwd}' vyos") + cmd(f"useradd --create-home --no-user-group --shell /bin/vbash --password '{passwd}' "\ + "--groups frr,frrvty,vyattacfg,sudo,adm,dip,disk vyos") if __name__ == '__main__': if len(sys.argv) < 2: |