From 469267b21944e2469b0faf0bc1b54dad15b1bbcc Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Mon, 28 Aug 2023 21:24:14 +0200
Subject: Debian: T5521: both RADIUS and TACACS users belong to aaa group, add
 group first

---
 debian/vyos-1x.postinst | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'debian/vyos-1x.postinst')

diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index f3dc00b46..b0aefed33 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -29,6 +29,11 @@ do
     sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file
 done
 
+# Both RADIUS and TACACS users belong to aaa group - this must be added first
+if ! grep -q '^aaa' /etc/group; then
+    addgroup --firstgid 1000 --quiet aaa
+fi
+
 # Remove TACACS user added by base package - we use our own UID range and group
 # assignments - see below
 if grep -q '^tacacs' /etc/passwd; then
@@ -74,11 +79,6 @@ if ! grep -q '^tacacs' /etc/passwd; then
     done 2>&1 | grep -v 'User tacacs${level} already exists'
 fi
 
-
-if ! grep -q '^aaa' /etc/group; then
-    addgroup --firstgid 1000 --quiet aaa
-fi
-
 # Add RADIUS operator user for RADIUS authenticated users to map to
 if ! grep -q '^radius_user' /etc/passwd; then
     adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
-- 
cgit v1.2.3