diff options
| author | Daniil Baturin <daniil@baturin.org> | 2025-05-16 12:39:44 +0100 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2025-05-16 12:39:44 +0100 |
| commit | 6b562aae240927c14f629b9307583013bc3a9008 (patch) | |
| tree | 6f52b65b8ba6a737fdccbfef444bfe724f64a838 /src/opt | |
| parent | 572400156976a5fc36e1dbe2fcdaf12d61510e13 (diff) | |
| download | vyos-1x-6b562aae240927c14f629b9307583013bc3a9008.tar.gz vyos-1x-6b562aae240927c14f629b9307583013bc3a9008.zip | |
op-mode: T7459: eliminate direct use of sudo in op mode commands
Diffstat (limited to 'src/opt')
| -rw-r--r-- | src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run index f0479ae88..6bc77b61d 100644 --- a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run +++ b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run @@ -222,10 +222,21 @@ _vyatta_op_run () local cmd_regex="^(LESSOPEN=|less|pager|tail|(sudo )?$file_cmd).*" if [ -n "$run_cmd" ]; then eval $restore_shopts - if [[ -t 1 && "${args[1]}" == "show" && ! $run_cmd =~ $cmd_regex ]] ; then - eval "($run_cmd) | ${VYATTA_PAGER:-cat}" - else + if [[ "${args[1]}" == "configure" ]]; then + # The "configure" command modifies the shell environment + # and must run in the current shell. + eval "$run_cmd" + elif [[ "${args[1]} ${args[2]}" =~ ^set[[:space:]]+(builtin|terminal) ]]; then + # Some commands like "set terminal width" + # only affect the user shell + # (so they don't need special privileges) + # and must be executed directly in the current shell + # to be able to do their job. eval "$run_cmd" + elif [[ -t 1 && "${args[1]}" == "show" && ! $run_cmd =~ $cmd_regex ]] ; then + eval "(sudo $run_cmd) | ${VYATTA_PAGER:-cat}" + else + eval "sudo $run_cmd" fi else echo -ne "\n Incomplete command: ${args[@]}\n\n" >&2 |