Date: Fri, 4 Jul 2008 02:21:06 +0200
From: Daniel Dvořák <dandee@hellteam.net>
To: "'Boris Kovalenko'" <boris@tagnet.ru>
Cc: ports@FreeBSD.org
Subject: RE: FreeBSD Port: quagga-0.99.9_7
Message-ID: <62D65AA82AE44ED5A9895D4D0B400BCC@tocnet28.jspoj.czf>
In-Reply-To: <486310B1.4000403@tagnet.ru>
References: <003701c8ce58$ecc88fb0$6508280a@tocnet28.jspoj.czf> <486310B1.4000403@tagnet.ru>

Hi Boris,

I am sorry for my late answer. I was on holidays.

>I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?

egrep "ENABLE_VTY_GROUP" /usr/ports/net/quagga/Makefile
.if defined(ENABLE_VTY_GROUP)
CONFIGURE_ARGS+=--enable-vty-group=${ENABLE_VTY_GROUP}
@${ECHO} "ENABLE_VTY_GROUP Specify group for vty socket ownership"

But it seems it is not enabled, isn't it ?

I'm not sure if this is it, but I would like to behave the quagga in Debian (Linux) and FreeBSD consistently.

In contrast to FreeBSD, Linux also has a file named quagga in the directory /etc/pam.d/.

This file is not in FreeBSD in directory /usr/local/etc/pam.d or /etc/pam.d, which I would in the case of second option even understand.

Perhaps to FreeBSD is not needed, but then what exactly in the table the options of quagga when compiling means the possibility of "PAM PAM authentication for vtysh" ?

However, the aim is this:

I have a user XXX and I want him to give sufficient privileges to manipulate the quagga. I do not want to give him permission through sudo or through su commands. In addition, I want in order to when in the vtysh.conf file, the user XXX is set with the possibility of nopassword, vtysh not ask me for a password to the quagga.

Sh interpreter is preset to FreeBSD systems, so that the goal is for these above-mentioned conditions, to run vtysh straight and asks for nothing.

So far, only what the user see the error message:

> Vtysh
Exiting: failed to connect to any daemons.
>

I do not know how to do, to ask me, but the goal is identical behavior quagga on FreeBSD to Linux systems and that's all, not more and not less.

Thank you.

Regards,
Daniel

-----Original Message-----
From: Boris Kovalenko [mailto:boris@tagnet.ru]
Sent: Thursday, June 26, 2008 5:45 AM
To: dandee@hellteam.net
Subject: Re: FreeBSD Port: quagga-0.99.9_7

Hello, Daniel!

I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?

> Hi Boris,
>
> I would like to turn your attention on one little bug in quagga on
> FreeBSD.
>
> Why don't we use groupname quaggavty from the beginning when the
> quagga had been ported to FreeBSD ?
>
> What do I mean ? I will show you the difference between quagga on
> Debian and on our FreeBSD.
>
> They use group quaggavty for command vtysh and they help themselves with
> pam.d/quagga file.
>
> user@server$ ls -l /etc/pam.d/quagga
> -rw-r--r-- 1 root root 162 2007-09-26 08:20 /etc/pam.d/quagga
> user$ cat /etc/pam.d/quagga
> # Any user may call vtysh but only those belonging to the group quaggavty can
> # actually connect to the socket and use the program.
> auth sufficient pam_permit.so
>
> user@server$ whoami
> user
> user@server$ ls -l /etc/quagga/vtysh.conf
> -rw-rw---- 1 quagga quaggavty 63 2008-01-10 01:28 /etc/quagga/vtysh.conf
> user@server$ cat /etc/quagga/vtysh.conf
> username user nopassword
> username root nopassword
> log syslog
> user@server$ egrep quaggavty /etc/group
> quaggavty:x:106:user
> user@server$ vtysh
> Hello, this is Quagga (version 0.99.5).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> server# exit
> user@server$
>
> So here it works, now FreeBSD:
>
> > whoami
> resu
> > ls -l /etc/pam.d/quagga
> ls: /etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/pam.d/quagga
> ls: /usr/local/etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/quagga/vtysh.conf
> -rw-rw-r-- 1 quagga quagga 129 10 led 01:52 /usr/local/etc/quagga/vtysh.conf
> > cat /usr/local/etc/quagga/vtysh.conf
> username resu nopassword
> username root nopassword
> log syslog
> > pw group show quagga
> quagga:*:101:resu
> > vtysh
> Exiting: failed to connect to any daemons.
> >
>
> Is possible to repair it ? How can I assist you ?
>
> It would be good if new version 0.99.10 will count with vtysh like on
> Debian.
>
> Thank you.
>
> Bye.
>
> Daniel

Regards,
Boris
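
The Debian PAM comment quoted in this thread says that only members of the vty group can actually connect to the socket. As an added example (not part of the original messages and not Quagga's or the port's own code), this Python script reports which sockets in a given directory a user may connect to, based on owner, group and mode. The socket directory is passed as an argument because the thread does not name it, and the function names are hypothetical.

```python
import grp
import os
import pwd
import stat
import sys


def may_connect(mode, owner_uid, owner_gid, uid, gids):
    """True if connect(2) to a socket inode with this mode/owner would pass
    the permission check: write access, tested owner, then group, then other."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def user_ids(name):
    """uid plus primary and supplementary gids, read from the account database."""
    pw = pwd.getpwnam(name)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if name in g.gr_mem}
    return pw.pw_uid, gids


def audit(run_dir, user):
    """Map each socket in run_dir (assumed: the daemons' vty socket directory)
    to whether `user` may connect. Directory search permission is not checked."""
    uid, gids = user_ids(user)
    report = {}
    for entry in sorted(os.listdir(run_dir)):
        st = os.lstat(os.path.join(run_dir, entry))
        if stat.S_ISSOCK(st.st_mode):
            report[entry] = may_connect(st.st_mode, st.st_uid, st.st_gid, uid, gids)
    return report


if __name__ == "__main__":
    # usage: script.py <vty-socket-directory> <username>
    for sock, ok in audit(sys.argv[1], sys.argv[2]).items():
        print(f"{sock}: {'connect allowed' if ok else 'connect DENIED'}")
```

A socket reported as denied for a user who is listed in vtysh.conf points at socket ownership or mode, not at the nopassword setting.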