Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tacacs] To modify local user permission according to priv lvl #1804

Merged
merged 1 commit into from
Jun 22, 2018
Merged

[tacacs] To modify local user permission according to priv lvl #1804

merged 1 commit into from
Jun 22, 2018

Conversation

taoyl-ms
Copy link
Contributor

- What I did
In the previous version, the local user properties are only determined during the user creation - the first time the user logins. This leaves a potential defect that when user privilege is modified remotely on TACACS server, the local user permission is not updated.

This commit fixes the issue described above.

- How I did it

In lookup_user_pw() function of libnss, after trying to find user information from local passwd, perform a usermod if the user is found locally.

- How to verify it

  1. Define a user with priv-lvl 15 on TACACS server, login with this user account. User should be able to sudo.
  2. Modify the priv-lvl to 1 on TACACS server. Logout and re-login, verify that the user is no longer able to sudo now.

@taoyl-ms taoyl-ms requested a review from lguohan June 21, 2018 21:45
@taoyl-ms
Copy link
Contributor Author

@liuqu, could you help review this PR?

liuqu
liuqu approved these changes Jun 22, 2018
View reviewed changes
Copy link

@liuqu liuqu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lguohan lguohan merged commit deacbb8 into sonic-net:master Jun 22, 2018
lguohan pushed a commit that referenced this pull request Jun 25, 2018
@taoyl-ms @lguohan
[tacacs] To modify local user permission according to priv lvl (#1804)
c6d43c4
tiantianlv pushed a commit to tiantianlv/sonic-buildimage that referenced this pull request Jul 30, 2018
Revert "[tacacs] To modify local user permission according to priv lvl (
068976a 
sonic-net#1804)"

This reverts commit c6d43c4.
@lguohan lguohan mentioned this pull request Feb 5, 2021
Closed
abdosi added a commit that referenced this pull request Oct 8, 2021
@abdosi
[Submodule update] sonic-utilities
827f0fe 
3b7803245af97b77203ab51f666bffeb15339149 (HEAD -> 201911, origin/201911) [fast-reboot] Remove FLEX_COUNTER_TABLE from config_db.json before reboot (#1804)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liuqu liuqu liuqu approved these changes

@lguohan lguohan Awaiting requested review from lguohan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@taoyl-ms @liuqu @lguohan