diff options
| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-01-16 21:14:30 +0200 |
|---|---|---|
| committer | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-01-28 19:50:06 +0200 |
| commit | e68c4f053905de7bc965667d57c330d080441cad (patch) | |
| tree | c819132d7c39400d8d899246a1b596f13727aaaa | |
| parent | 4d92badcde7573b97d2acc2228d0ca5fe7168e1e (diff) | |
packaging: Just permit anything if PAM is enabled
With a current pam_rootok.so, it works only with `root` account. If the user
is under `frrvty`, `frr` group, it gets the error:
```
% groups | grep -o -E "frrvty|frr"
frrvty
frr
% vtysh -c 'end'
vtysh_pam: Failed in account validation: Permission denied(6)
```
Checking the logs:
```
vtysh[23930]: pam_rootok(frr:account): root check failed
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
| -rw-r--r-- | debian/frr.pam | 2 | ||||
| -rw-r--r-- | redhat/frr.pam | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/debian/frr.pam b/debian/frr.pam index 737b88953b..1077243a12 100644 --- a/debian/frr.pam +++ b/debian/frr.pam @@ -1,4 +1,4 @@ # Any user may call vtysh but only those belonging to the group frrvty can # actually connect to the socket and use the program. auth sufficient pam_permit.so -account sufficient pam_rootok.so +account sufficient pam_permit.so diff --git a/redhat/frr.pam b/redhat/frr.pam index 17a62f1999..a574c5e575 100644 --- a/redhat/frr.pam +++ b/redhat/frr.pam @@ -4,8 +4,8 @@ ##### if running frr as root: # Only allow root (and possibly wheel) to use this because enable access # is unrestricted. -auth sufficient pam_rootok.so -account sufficient pam_rootok.so +auth sufficient pam_permit.so +account sufficient pam_permit.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid |