Date:      Fri, 4 Jul 2008 02:21:06 +0200
From:      Daniel Dvořák <dandee@hellteam.net>
To:        "'Boris Kovalenko'" <boris@tagnet.ru>
Cc:        ports@FreeBSD.org
Subject:   RE: FreeBSD Port: quagga-0.99.9_7
Message-ID:  <62D65AA82AE44ED5A9895D4D0B400BCC@tocnet28.jspoj.czf>
In-Reply-To: <486310B1.4000403@tagnet.ru>
References:  <003701c8ce58$ecc88fb0$6508280a@tocnet28.jspoj.czf> <486310B1.4000403@tagnet.ru>

Hi Boris,

I am sorry for my late answer. I was on holidays.

> I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?

egrep "ENABLE_VTY_GROUP" /usr/ports/net/quagga/Makefile
.if defined(ENABLE_VTY_GROUP)
CONFIGURE_ARGS+=--enable-vty-group=${ENABLE_VTY_GROUP}
        @${ECHO} "ENABLE_VTY_GROUP  Specify group for vty socket ownership"

But it seems it is not enabled, isn't it?

I'm not sure if this is it, but I would like quagga to behave consistently on Debian (Linux) and FreeBSD.

In contrast to FreeBSD, Linux also has a file named quagga in the directory /etc/pam.d/.

This file is not present on FreeBSD in the directory /usr/local/etc/pam.d or /etc/pam.d, which in the case of the second option I would even understand.

Perhaps it is not needed on FreeBSD, but then what exactly does the option "PAM PAM authentication for vtysh" in the table of quagga's compile-time options mean?

However, the aim is this:

I have a user XXX and I want to give him sufficient privileges to manipulate quagga. I do not want to give him permission through sudo or through su commands. In addition, when the user XXX is set with the nopassword option in the vtysh.conf file, I want vtysh not to ask me for a password to quagga.

The sh interpreter is the preset on FreeBSD systems, so the goal, under the above-mentioned conditions, is to run vtysh straight away and have it ask for nothing.

So far, all the user sees is the error message:

> Vtysh
Exiting: failed to connect to any daemons.
>

I do not know how to do it, to ask me, but the goal is identical behavior of quagga on FreeBSD and Linux systems and that's all, not more and not less.

Thank you.

Regards,
Daniel

-----Original Message-----
From: Boris Kovalenko [mailto:boris@tagnet.ru]
Sent: Thursday, June 26, 2008 5:45 AM
To: dandee@hellteam.net
Subject: Re: FreeBSD Port: quagga-0.99.9_7

Hello, Daniel!

I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?
> Hi Boris,
> I would like to turn your attention to one little bug in quagga on FreeBSD.
> Why don't we use groupname quaggavty from the beginning when the quagga had been ported to FreeBSD?
> What do I mean? I will show you the difference between quagga on Debian and on our FreeBSD.
> They use group quaggavty for command vtysh and they help themselves with pam.d/quagga file.
> user@server$ ls -l /etc/pam.d/quagga
> -rw-r--r-- 1 root root 162 2007-09-26 08:20 /etc/pam.d/quagga
> user$ cat /etc/pam.d/quagga
> # Any user may call vtysh but only those belonging to the group quaggavty can
> # actually connect to the socket and use the program.
> auth sufficient pam_permit.so
> user@server$ whoami
> user
> user@server$ ls -l /etc/quagga/vtysh.conf
> -rw-rw---- 1 quagga quaggavty 63 2008-01-10 01:28 /etc/quagga/vtysh.conf
> user@server$ cat /etc/quagga/vtysh.conf
> username user nopassword
> username root nopassword
> log syslog
> user@server$ egrep quaggavty /etc/group
> quaggavty:x:106:user
> user@server$ vtysh
> Hello, this is Quagga (version 0.99.5).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> server# exit
> user@server$
> So here it works, now FreeBSD:
> > whoami
> resu
> > ls -l /etc/pam.d/quagga
> ls: /etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/pam.d/quagga
> ls: /usr/local/etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/quagga/vtysh.conf
> -rw-rw-r-- 1 quagga quagga 129 10 led 01:52 /usr/local/etc/quagga/vtysh.conf
> > cat /usr/local/etc/quagga/vtysh.conf
> username resu nopassword
> username root nopassword
> log syslog
> > pw group show quagga
> quagga:*:101:resu
> > vtysh
> Exiting: failed to connect to any daemons.
> >
> Is it possible to repair it? How can I assist you?
> It would be good if new version 0.99.10 will count with vtysh like on Debian.
> Thank you.
> Bye.
> Daniel
Regards,
Boris
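
The Debian PAM comment quoted in this thread says access to vtysh is decided by who may connect to the daemons' vty sockets. The following check is an added example, not part of the original messages or of the Quagga port: it reports through which Unix permission class a given account can reach each socket. The socket directory `/var/run/quagga` and the `.vty` suffix are assumptions, not stated in the thread.

```python
import grp
import os
import pwd
import stat
import sys

def user_ids(username):
    """Return (uid, set of gids) for a local account, supplementary groups included."""
    pw = pwd.getpwnam(username)
    gids = {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return pw.pw_uid, gids | {pw.pw_gid}

def connect_class(mode, owner_uid, owner_gid, uid, gids):
    """Which permission class lets this user connect() to the socket, or None.

    The kernel selects exactly one class (owner, else group, else other), and
    connect() on a pathname socket needs the write bit of that class.
    """
    if uid == 0:
        return "root"
    if uid == owner_uid:
        return "owner" if mode & stat.S_IWUSR else None
    if owner_gid in gids:
        return "group" if mode & stat.S_IWGRP else None
    return "other" if mode & stat.S_IWOTH else None

def audit(sock_dir, uid, gids):
    """Return (name, mode string, access class, world_writable) per *.vty entry."""
    rows = []
    for name in sorted(os.listdir(sock_dir)):
        if not name.endswith(".vty"):
            continue
        st = os.stat(os.path.join(sock_dir, name))
        via = connect_class(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        rows.append((name, stat.filemode(st.st_mode), via,
                     bool(st.st_mode & stat.S_IWOTH)))
    return rows

if __name__ == "__main__":
    # Usage: script.py USER [SOCKET_DIR]; the default directory is an assumption.
    user = sys.argv[1]
    sock_dir = sys.argv[2] if len(sys.argv) > 2 else "/var/run/quagga"
    for name, mode, via, world in audit(sock_dir, *user_ids(user)):
        note = "  (world-writable: any local user can connect)" if world else ""
        print(f"{name}: {mode} -> {user} connects via {via or 'NOTHING'}{note}")
```

A result of `NOTHING` for an account that is meant to use vtysh without sudo points at socket group ownership or group membership; a world-writable socket means the group restriction is not in effect at all.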
