blob: 136d025d4e3a17ccd8f51ebd99ff534902b70423 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#!/bin/sh -e
if ! deb-systemd-helper --quiet was-enabled salt-minion.service; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper disable salt-minion.service >/dev/null || true
fi
if [ -x "/etc/init.d/salt-minion" ]; then
update-rc.d -f salt-minion remove >/dev/null
fi
# Add minion user for salt-minion
if ! grep -q '^minion' /etc/passwd; then
adduser --quiet --firstuid 100 --system --disabled-login --ingroup vyattacfg \
--gecos "salt minion user" --shell /bin/vbash minion
adduser --quiet minion frrvty
adduser --quiet minion sudo
adduser --quiet minion adm
adduser --quiet minion dip
adduser --quiet minion disk
adduser --quiet minion users
fi
# OpenVPN should get its own user
if ! grep -q '^openvpn' /etc/passwd; then
adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn
fi
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then
adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
--no-create-home --gecos "radius user" \
--shell /sbin/radius_shell radius_user
adduser --quiet radius_user frrvty
adduser --quiet radius_user vyattaop
adduser --quiet radius_user operator
adduser --quiet radius_user adm
adduser --quiet radius_user dip
adduser --quiet radius_user users
fi
# Add RADIUS admin user for RADIUS authenticated users to map to
if ! grep -q '^radius_priv_user' /etc/passwd; then
adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattacfg \
--no-create-home --gecos "radius privileged user" \
--shell /sbin/radius_shell radius_priv_user
adduser --quiet radius_priv_user frrvty
adduser --quiet radius_priv_user vyattacfg
adduser --quiet radius_priv_user sudo
adduser --quiet radius_priv_user adm
adduser --quiet radius_priv_user dip
adduser --quiet radius_priv_user disk
adduser --quiet radius_priv_user users
fi
# add hostsd group for vyos-hostsd
if ! grep -q '^hostsd' /etc/group; then
addgroup --quiet --system hostsd
fi
# add dhcpd user for dhcp-server
if ! grep -q '^dhcpd' /etc/passwd; then
adduser --quiet --system --disabled-login --no-create-home --home /run/dhcp-server dhcpd
adduser --quiet dhcpd hostsd
fi
# ensure hte proxy user has a proper shell
chsh -s /bin/sh proxy
# vyatta-cfg-vpn migration
for init in openswan ipsec setkey; do
update-rc.d -f ${init} remove >/dev/null
done
# remove keys
rm -f /etc/ipsec.secrets
touch /etc/ipsec.secrets
chown root:root /etc/ipsec.secrets
chmod 600 /etc/ipsec.secrets
rm -f /etc/ipsec.d/private/localhost.localdomainKey.pem
rm -f /etc/ipsec.d/certs/localhost.localdomainCert.pem
|
