From f77157f09df647f07622f5dd26489292be7192a5 Mon Sep 17 00:00:00 2001 From: arlakshm <55814491+arlakshm@users.noreply.github.com> Date: Mon, 22 Feb 2021 23:34:28 -0800 Subject: [PATCH] [baseimage] add ipintutil in sudoer file (#6845) show ip interfaces is enhanced recently to support multi ASIC platforms in this PR- https://github.com/Azure/sonic-utilities/pull/1396 . The ipintutil script as to run as sudo user, to get the ip interface from each namespace. Add this script to the sudoer file so that show ip interface command is available for user with read-only permissions Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan --- files/image_config/sudoers/sudoers | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/files/image_config/sudoers/sudoers b/files/image_config/sudoers/sudoers index 8ec8799c7cca..fbe4cf1f7f91 100644 --- a/files/image_config/sudoers/sudoers +++ b/files/image_config/sudoers/sudoers @@ -20,6 +20,7 @@ Defaults lecture_file = /etc/sudoers.lecture # Cmnd alias specification # Note: bcmcmd is dangerous for users in read only netgroups because it may operate ASIC Cmnd_Alias READ_ONLY_CMDS = /bin/cat /var/log/syslog*, \ + /bin/ip netns identify [0-9]*, \ /sbin/brctl show, \ /usr/bin/docker exec snmp cat /etc/snmp/snmpd.conf, \ /usr/bin/docker exec bgp cat /etc/quagga/bgpd.conf, \ @@ -33,13 +34,13 @@ Cmnd_Alias READ_ONLY_CMDS = /bin/cat /var/log/syslog*, \ /usr/bin/vtysh -n [0-9] -c show *, \ /usr/local/bin/decode-syseeprom, \ /usr/local/bin/generate_dump, \ + /usr/local/bin/ipintutil, \ /usr/local/bin/lldpshow, \ /usr/local/bin/pcieutil *, \ /usr/local/bin/psuutil *, \ /usr/local/bin/sonic-installer list, \ - /usr/local/bin/sfputil show *, \ - /bin/ip netns identify [0-9]* - + /usr/local/bin/sfputil show * + Cmnd_Alias PASSWD_CMDS = /usr/local/bin/config tacacs passkey *, \ /usr/sbin/chpasswd *