From: Daniel Dvořák
Reply-To: dandee@hellteam.net
To: Boris Kovalenko
Cc: ports@FreeBSD.org
Date: Fri, 4 Jul 2008 02:21:06 +0200
Organization: Projekt HELL
Subject: RE: FreeBSD Port: quagga-0.99.9_7

Hi Boris,

I am sorry for my late answer. I was on holidays.

>I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?

egrep "ENABLE_VTY_GROUP" /usr/ports/net/quagga/Makefile
.if defined(ENABLE_VTY_GROUP)
CONFIGURE_ARGS+=--enable-vty-group=${ENABLE_VTY_GROUP}
@${ECHO} "ENABLE_VTY_GROUP Specify group for vty socket ownership"

But it seems it is not enabled, isn't it ?

I'm not sure if this is it, but I would like quagga to behave consistently on Debian (Linux) and FreeBSD.

In contrast to FreeBSD, Linux also has a file named quagga in the directory /etc/pam.d/.

On FreeBSD this file is in neither /usr/local/etc/pam.d nor /etc/pam.d, which in the case of the second option I would even understand.

Perhaps it is not needed on FreeBSD, but then what exactly does the option "PAM PAM authentication for vtysh" in quagga's table of compile-time options mean ?

However, the aim is this:

I have a user XXX and I want to give him sufficient privileges to manipulate quagga. I do not want to give him permission through sudo or through su commands. In addition, when the user XXX is set with the nopassword option in the vtysh.conf file, I want vtysh not to ask me for a password to quagga.

The sh interpreter is preset on FreeBSD systems, so the goal is, under the above-mentioned conditions, to run vtysh straight away and have it ask for nothing.

So far, all the user sees is the error message:

    > Vtysh
    Exiting: failed to connect to any daemons.
    >

I do not know how to do, to ask me, but the goal is identical behavior of quagga on FreeBSD and on Linux systems, and that's all, no more and no less.

Thank you.

Regards,
Daniel

-----Original Message-----
From: Boris Kovalenko [mailto:boris@tagnet.ru]
Sent: Thursday, June 26, 2008 5:45 AM
To: dandee@hellteam.net
Subject: Re: FreeBSD Port: quagga-0.99.9_7

Hello, Daniel!

I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?

> Hi Boris,
> I would like to turn your attention on one little bug in quagga on
> FreeBSD.
> Why don't we use group name quaggavty from the beginning when the
> quagga had been ported to FreeBSD ?
> What do I mean ? I will show you the difference between quagga on
> Debian and on our FreeBSD.
> They use group quaggavty for command vtysh and they help themselves with
> pam.d/quagga file.
> user@server$ ls -l /etc/pam.d/quagga
> -rw-r--r-- 1 root root 162 2007-09-26 08:20 /etc/pam.d/quagga
> user$ cat /etc/pam.d/quagga
> # Any user may call vtysh but only those belonging to the group quaggavty can
> # actually connect to the socket and use the program.
> auth sufficient pam_permit.so
> user@server$ whoami
> user
> user@server$ ls -l /etc/quagga/vtysh.conf
> -rw-rw---- 1 quagga quaggavty 63 2008-01-10 01:28 /etc/quagga/vtysh.conf
> user@server$ cat /etc/quagga/vtysh.conf
> username user nopassword
> username root nopassword
> log syslog
> user@server$ egrep quaggavty /etc/group
> quaggavty:x:106:user
> user@server$ vtysh
> Hello, this is Quagga (version 0.99.5).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> server# exit
> user@server$
> So here it works, now FreeBSD:
> > whoami
> resu
> > ls -l /etc/pam.d/quagga
> ls: /etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/pam.d/quagga
> ls: /usr/local/etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/quagga/vtysh.conf
> -rw-rw-r-- 1 quagga quagga 129 10 led 01:52 /usr/local/etc/quagga/vtysh.conf
> > cat /usr/local/etc/quagga/vtysh.conf
> username resu nopassword
> username root nopassword
> log syslog
> > pw group show quagga
> quagga:*:101:resu
> > vtysh
> Exiting: failed to connect to any daemons.
> >
> Is it possible to repair it ? How can I assist you ?
> It would be good if new version 0.99.10 will count with vtysh like on
> Debian.
> Thank you.
> Bye.
> Daniel

Regards,
Boris
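
An added diagnostic, not part of the original thread or of the quagga port: it reads `ls -l` output for the vty sockets and reports which ones a given user can reach through owner, group or other permission bits, the access path that the Debian pam.d comment and the ENABLE_VTY_GROUP knob both refer to. The function names, the socket directory /var/run/quagga and the sample listing are assumptions constructed for the example; it only evaluates permission bits and does not model root's override.

```shell
#!/bin/sh
# Added example: read `ls -l` lines on stdin and report, per vty socket,
# whether USER (member of the listed groups) has the write bit that
# connecting to a UNIX-domain socket requires.
# Usage: ls -l /var/run/quagga/*.vty | vty_access resu $(id -Gn resu)
# (/var/run/quagga is an assumed socket directory, not taken from the thread.)
vty_access() {
    user=$1; shift
    awk -v user="$user" -v groups=" $* " '
    $1 ~ /^s/ {                       # socket entries only
        mode = $1; owner = $3; group = $4; path = $NF
        # Standard UNIX check order: owner bits, else group bits, else other.
        if (owner == user)                          bit = substr(mode, 3, 1)
        else if (index(groups, " " group " ") > 0)  bit = substr(mode, 6, 1)
        else                                        bit = substr(mode, 9, 1)
        ok = (bit == "w")
        printf "%-4s %s owner=%s group=%s mode=%s\n",
               (ok ? "OK" : "DENY"), path, owner, group, mode
        if (!ok) denied++
    }
    END { exit (denied > 0) }'        # non-zero if any socket is unreachable
}

# Constructed listing: one socket left in the daemon group, one owned by a
# separate vty group (quaggavty assumed as the ENABLE_VTY_GROUP value).
sample_listing() {
    cat <<'EOF'
srwxrwx---  1 quagga  quagga     0 Jul  4 02:00 /var/run/quagga/zebra.vty
srwxrwx---  1 quagga  quaggavty  0 Jul  4 02:00 /var/run/quagga/ospfd.vty
EOF
}

# resu is only in quaggavty here: ospfd.vty is reachable, zebra.vty is not.
sample_listing | vty_access resu resu quaggavty || true
```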