Ede_Vau
/
frr
mirror of https://github.com/FRRouting/frr.git
1
1
Fork 0
Code Issues Releases Wiki Activity

packaging: Just permit anything if PAM is enabled 

With a current pam_rootok.so, it works only with `root` account. If the user
is under `frrvty`, `frr` group, it gets the error:

```
% groups | grep -o -E "frrvty|frr"
frrvty
frr

% vtysh -c 'end'
vtysh_pam: Failed in account validation: Permission denied(6)
```

Checking the logs:

```
vtysh[23930]: pam_rootok(frr:account): root check failed
```

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
This commit is contained in:
Donatas Abraitis 2024-01-16 21:14:30 +02:00
parent 4d92badcde
commit e68c4f0539
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/frr.pam vendored
View File

@ -1,4 +1,4 @@
# Any user may call vtysh but only those belonging to the group frrvty can
# actually connect to the socket and use the program.
auth sufficient pam_permit.so
account sufficient pam_rootok.so
account sufficient pam_permit.so

4
redhat/frr.pam
View File

@ -4,8 +4,8 @@
##### if running frr as root:
# Only allow root (and possibly wheel) to use this because enable access
# is unrestricted.
auth sufficient pam_rootok.so
account sufficient pam_rootok.so
auth sufficient pam_permit.so
account sufficient pam_permit.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid