From 5dd58b08299e85735f19fba1ee307c509fb19de7 Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Fri, 1 Apr 2016 09:18:22 -0400
Subject: [PATCH] vtysh: Make vtysh run as quagga user

vtysh should be run as the quagga user, else when you execute a 'wr mem' the Quagga.conf and vtysh.conf files are owned by whomever started the process. This can cause file ownership issues.

Ticket: CM-10217
Signed-off-by: Donald Sharp
Reviewed-by: Dave Olson
Reviewed-by: Daniel Walton
---
 vtysh/vtysh_main.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/vtysh/vtysh_main.c b/vtysh/vtysh_main.c
index d8b769ba20..a063425ff7 100644
--- a/vtysh/vtysh_main.c
+++ b/vtysh/vtysh_main.c
@@ -33,6 +33,7 @@
 #include "getopt.h"
 #include "command.h"
 #include "memory.h"
+#include "privs.h"
 
 #include "vtysh/vtysh.h"
 #include "vtysh/vtysh_user.h"
@@ -40,6 +41,27 @@
 /* VTY shell program name. */
 char *progname;
 
+static zebra_capabilities_t _caps_p [] =
+{
+ ZCAP_BIND,
+ ZCAP_NET_RAW,
+ ZCAP_NET_ADMIN,
+};
+
+struct zebra_privs_t vtysh_privs =
+{
+#if defined(QUAGGA_USER) && defined(QUAGGA_GROUP)
+ .user = QUAGGA_USER,
+ .group = QUAGGA_GROUP,
+#endif
+#ifdef VTY_GROUP
+ .vty_group = VTY_GROUP,
+#endif
+ .caps_p = _caps_p,
+ .cap_num_p = array_size(_caps_p),
+ .cap_num_i = 0,
+};
+
 /* Configuration file name and directory. */
 char config_default[] = SYSCONFDIR VTYSH_DEFAULT_CONFIG;
 char quagga_config_default[] = SYSCONFDIR QUAGGA_DEFAULT_CONFIG;
@@ -303,6 +325,8 @@ main (int argc, char **argv, char **env)
 line_read = NULL;
 setlinebuf(stdout);
 
+ zprivs_init (&vtysh_privs);
+
 /* Signal and others. */
 vtysh_signal_init ();
 
-- 
2.39.5
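Review bot: The `_caps_p` list gives an interactive shell ZCAP_BIND, ZCAP_NET_RAW and ZCAP_NET_ADMIN as permitted capabilities, yet nothing in this patch raises them and the commit message only asks for the user/group switch so that written config files are owned by the quagga user. The set looks carried over from a routing daemon, and it leaves a process that parses operator input holding network-administration capability with no visible use for it. Unless a caller outside this patch needs them, drop the array and set `.caps_p = NULL, .cap_num_p = 0,` in `vtysh_privs`, after confirming that zprivs_init accepts an empty list (its body is not shown here). A one-line comment above `vtysh_privs` saying that only the uid/gid change is wanted would keep capabilities from being re-added later.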
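Review bot: `zprivs_init (&vtysh_privs);` is called unconditionally and nothing here checks its outcome, so what happens when vtysh is started by a user who is not allowed to switch to QUAGGA_USER depends entirely on code outside this patch. If zprivs_init aborts on a failed setuid/setgid, every non-root operator loses vtysh; if it carries on, 'wr mem' still writes files under the caller's identity, which is the problem the commit sets out to fix. State the intended behaviour in a comment at the call, for example `/* Drop to the quagga user and group before any config file is written. */`, and document the start-up privilege requirement rather than leaving it to be solved by installing the binary setuid. main's body begins and ends outside the hunk, so whether anything is opened before this point, or whether QUAGGA_USER is defined at all in a given build, cannot be judged from here.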