From 30390ac4b8e631bebad9082c75615cb147263c2e Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 28 Aug 2023 21:46:23 +0200 Subject: Debian: T5521: place AAA users in users group (besides aaa group) --- debian/vyos-1x.postinst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'debian') diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index b0aefed33..f262cbfa2 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -58,9 +58,11 @@ if ! grep -q '^tacacs' /etc/passwd; then level=0 vyos_group=vyattaop while [ $level -lt 16 ]; do - adduser --quiet --system --firstuid 900 --disabled-login --ingroup ${vyos_group} \ - --no-create-home --gecos "TACACS+ mapped user at privilege level ${level}" \ + adduser --quiet --system --firstuid 900 --disabled-login --ingroup users \ + --home /home/tacacs${level} --gecos "TACACS+ mapped user at privilege level ${level}" \ --shell /bin/vbash tacacs${level} + # fix home permission - onl required b/c of system user + chmod 700 /home/tacacs${level} adduser --quiet tacacs${level} frrvty adduser --quiet tacacs${level} adm adduser --quiet tacacs${level} dip @@ -81,7 +83,7 @@ fi # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then - adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ + adduser --quiet --firstuid 1000 --disabled-login --ingroup users \ --no-create-home --gecos "RADIUS mapped user at privilege level operator" \ --shell /sbin/radius_shell radius_user adduser --quiet radius_user frrvty @@ -95,7 +97,7 @@ fi # Add RADIUS admin user for RADIUS authenticated users to map to if ! grep -q '^radius_priv_user' /etc/passwd; then - adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattacfg \ + adduser --quiet --firstuid 1000 --disabled-login --ingroup users \ --no-create-home --gecos "RADIUS mapped user at privilege level admin" \ --shell /sbin/radius_shell radius_priv_user adduser --quiet radius_priv_user frrvty -- cgit v1.2.3