1 files changed, 10 insertions, 4 deletions

diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index b0aefed33..b43416152 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -1,4 +1,4 @@
-#!/bin/sh -e
+#!/bin/bash
 
 # Turn off Debian default for %sudo
 sed -i -e '/^%sudo/d' /etc/sudoers || true
@@ -29,6 +29,11 @@ do
     sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file
 done
 
+# We do not make use of a TACACS UNIX group - drop it
+if grep -q '^tacacs' /etc/group; then
+    delgroup tacacs
+fi
+
 # Both RADIUS and TACACS users belong to aaa group - this must be added first
 if ! grep -q '^aaa' /etc/group; then
     addgroup --firstgid 1000 --quiet aaa
@@ -42,6 +47,7 @@ if grep -q '^tacacs' /etc/passwd; then
         vyos_group=vyattaop
         while [ $level -lt 16 ]; do
             userdel tacacs${level} || true
+            rm -rf /home/tacacs${level} || true
             level=$(( level+1 ))
         done 2>&1
     fi
@@ -58,7 +64,7 @@ if ! grep -q '^tacacs' /etc/passwd; then
     level=0
     vyos_group=vyattaop
     while [ $level -lt 16 ]; do
-        adduser --quiet --system --firstuid 900 --disabled-login --ingroup ${vyos_group} \
+        adduser --quiet --system --firstuid 900 --disabled-login --ingroup users \
             --no-create-home --gecos "TACACS+ mapped user at privilege level ${level}" \
             --shell /bin/vbash tacacs${level}
         adduser --quiet tacacs${level} frrvty
@@ -81,7 +87,7 @@ fi
 
 # Add RADIUS operator user for RADIUS authenticated users to map to
 if ! grep -q '^radius_user' /etc/passwd; then
-    adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
+    adduser --quiet --firstuid 1000 --disabled-login --ingroup users \
         --no-create-home --gecos "RADIUS mapped user at privilege level operator" \
         --shell /sbin/radius_shell radius_user
     adduser --quiet radius_user frrvty
@@ -95,7 +101,7 @@ fi
 
 # Add RADIUS admin user for RADIUS authenticated users to map to
 if ! grep -q '^radius_priv_user' /etc/passwd; then
-    adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattacfg \
+    adduser --quiet --firstuid 1000 --disabled-login --ingroup users \
         --no-create-home --gecos "RADIUS mapped user at privilege level admin" \
         --shell /sbin/radius_shell radius_priv_user
     adduser --quiet radius_priv_user frrvty