git.puffer.fish Git - matthieu/frr.git/commitdiff
Provide example on how to run sudo vtysh show commands without password
author Dave Olson <olson@cumulusnetworks.com>
Mon, 27 Jun 2016 16:10:46 +0000 (09:10 -0700)
committer Dave Olson <olson@cumulusnetworks.com>
Mon, 27 Jun 2016 16:39:03 +0000 (09:39 -0700)
Ticket: CM-4709
Reviewed By: dsharp
Testing Done: Uncommented, ran show commands

See the comments added, and in the bug.  Set up for users in group
quagga, with NOEXEC to not open security holes.

cumulus/etc/sudoers.d/quagga_sudoers

index 972966c6a82bfbc33f8e76a525304e9c9a5fa8c3..4375d7e5fa7a68a4cf7a206b653539a19a2b2203 100644 (file)
@@ -1 +1,15 @@
 Defaults env_keep += VTYSH_PAGER
+
+# Allow user in  group quagga to run vtysh show commands
+# without a password by uncommenting the "%quagga" line below.
+
+# Subshell commands need to be disallowed, including
+# preventing the user passing command line args like 'start-shell'
+# Since vtysh allows minimum non-conflicting prefix'es, that means
+# anything beginning with the string "st" in any arg.  That's a bit
+# restrictive.
+# Instead, use NOEXEC, to prevent any exec'ed commands.
+
+Cmnd_Alias  VTY_SHOW   = /usr/bin/vtysh -c show *
+# %quagga ALL = (root) NOPASSWD:NOEXEC: VTY_SHOW
+
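Review bot: In the `Cmnd_Alias  VTY_SHOW` line, the trailing `*` in `/usr/bin/vtysh -c show *` is matched by sudoers against the whole concatenated argument string, so it spans word boundaries and the alias also matches invocations that carry further arguments after the show command, including another `-c`. NOEXEC only stops vtysh from exec'ing other programs; it does not narrow which vtysh commands the rule accepts. Either state this limitation in the comment block before anyone uncomments the `%quagga` line, or point the alias at a small wrapper that accepts exactly one show command and passes it to vtysh as a single `-c` argument. Minor: "user in  group" has a double space, and "prefix'es" should read "prefixes".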