matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[cli]: Update sudoers file to ensure no 'show' commands prompt for sudo password (#1632)

Browse Source 
* [sonic-utilities] Update submodule

* Update sudoers file to ensure no 'show' commands prompt for sudo
This commit is contained in:
Joe LeVeque 2018-04-23 13:43:16 -07:00 committed by lguohan
parent 509e1c4749
commit 242f86d2dc
2 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
files/image_config/sudoers/sudoers
View File

@ -17,19 +17,22 @@ Defaults env_keep += "VTYSH_PAGER"
# Cmnd alias specification
# Note: bcmcmd is dangerous for users in read only netgroups because it may operate ASIC
Cmnd_Alias READ_ONLY_CMDS = /usr/bin/decode-syseeprom, \
Cmnd_Alias READ_ONLY_CMDS = /sbin/brctl show, \
/usr/bin/decode-syseeprom, \
/usr/bin/docker images *, \
/usr/bin/docker exec -it snmp cat /etc/snmp/snmpd.conf, \
/usr/bin/docker exec -it bgp cat /etc/quagga/bgpd.conf, \
/usr/bin/docker ps, \
/usr/bin/docker exec snmp cat /etc/snmp/snmpd.conf, \
/usr/bin/docker exec bgp cat /etc/quagga/bgpd.conf, \
/usr/bin/docker exec * ps aux, \
/usr/bin/docker ps*, \
/usr/bin/generate_dump, \
/usr/bin/lldpctl, \
/usr/bin/lldpshow, \
/usr/bin/psuutil *, \
/usr/bin/sensors, \
/usr/bin/sfputil show *, \
/usr/bin/vtysh -c show *, \
/bin/cat /var/log/syslog, \
/usr/bin/tail -f /var/log/syslog
/bin/cat /var/log/syslog*, \
/usr/bin/tail -F /var/log/syslog
Cmnd_Alias PASSWD_CMDS = /usr/bin/config tacacs passkey *, \
/usr/sbin/chpasswd *
@ -49,3 +52,4 @@ Defaults!PASSWD_CMDS !syslog
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

2
src/sonic-utilities

@ -1 +1 @@
Subproject commit b2da06271c0ad9b9f054d16b8913f8279c9aea17
Subproject commit da9476e90a7d5c9f784f5f22e0bcda13f4450c2b