blob: 4a42fb24f49a9ae92061439fff4171b04c170fda (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
Defaults env_keep += VTYSH_PAGER
# Allow user in group frr to run vtysh show commands
# without a password by uncommenting the "%frr" line below.
# Subshell commands need to be disallowed, including
# preventing the user passing command line args like 'start-shell'
# Since vtysh allows minimum non-conflicting prefix'es, that means
# anything beginning with the string "st" in any arg. That's a bit
# restrictive.
# Instead, use NOEXEC, to prevent any exec'ed commands.
Cmnd_Alias VTY_SHOW = /usr/bin/vtysh -c show *
# %frr ALL = (root) NOPASSWD:NOEXEC: VTY_SHOW
|
