Skip to content

[tacacs] To modify local user permission according to priv lvl#1804

Merged
lguohan merged 1 commit intosonic-net:masterfrom
taoyl-ms:taoyl/tacacs_usermod
Jun 22, 2018
Merged

[tacacs] To modify local user permission according to priv lvl#1804
lguohan merged 1 commit intosonic-net:masterfrom
taoyl-ms:taoyl/tacacs_usermod

Conversation

@taoyl-ms
Copy link
Copy Markdown
Contributor

@taoyl-ms taoyl-ms commented Jun 21, 2018

- What I did
In the previous version, the local user properties are only determined during the user creation - the first time the user logins. This leaves a potential defect that when user privilege is modified remotely on TACACS server, the local user permission is not updated.

This commit fixes the issue described above.

- How I did it

In lookup_user_pw() function of libnss, after trying to find user information from local passwd, perform a usermod if the user is found locally.

- How to verify it

  1. Define a user with priv-lvl 15 on TACACS server, login with this user account. User should be able to sudo.
  2. Modify the priv-lvl to 1 on TACACS server. Logout and re-login, verify that the user is no longer able to sudo now.

@taoyl-ms taoyl-ms requested a review from lguohan June 21, 2018 21:45
@taoyl-ms
Copy link
Copy Markdown
Contributor Author

taoyl-ms commented Jun 21, 2018

@liuqu, could you help review this PR?

liuqu
liuqu approved these changes Jun 22, 2018
View reviewed changes
Copy link
Copy Markdown

@liuqu liuqu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lguohan lguohan merged commit deacbb8 into sonic-net:master Jun 22, 2018
lguohan pushed a commit that referenced this pull request Jun 25, 2018
@taoyl-ms @lguohan
[tacacs] To modify local user permission according to priv lvl (#1804)
c6d43c4
tiantianlv pushed a commit to tiantianlv/sonic-buildimage that referenced this pull request Jul 30, 2018
Revert "[tacacs] To modify local user permission according to priv lvl (
068976a 
sonic-net#1804)"

This reverts commit c6d43c4.
@lguohan lguohan mentioned this pull request Feb 5, 2021
Closed
abdosi added a commit that referenced this pull request Oct 8, 2021
@abdosi
[Submodule update] sonic-utilities
827f0fe 
3b7803245af97b77203ab51f666bffeb15339149 (HEAD -> 201911, origin/201911) [fast-reboot] Remove FLEX_COUNTER_TABLE from config_db.json before reboot (#1804)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@liuqu liuqu liuqu approved these changes

@lguohan lguohan Awaiting requested review from lguohan

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@taoyl-ms @liuqu @lguohan