restricted NACM recovery user

Olof hagsand 2020-08-06 21:43:27 +02:00
parent 5c3f18c2da
commit a7737c283c
7 changed files with 126 additions and 99 deletions


@ -704,8 +704,7 @@ module clixon-config {
description
"Verify nacm user credentials with unix socket peer cred.
This means nacm user must match unix user accessing the backend
socket.
Except for recovery user and www user (for restconf)";
socket.";
}
leaf CLICON_NACM_RECOVERY_USER {
type string;
@ -716,7 +715,7 @@ module clixon-config {
all access control enforcements.
Note setting of CLICON_NACM_CREDENTIALS is important, if set to
exact for example, this user must exist and be used, otherwise
another user (such as root or www) can pose as it.";
another user (such as root or www) can pose as the recovery user.";
}
leaf CLICON_NACM_DISABLED_ON_EMPTY {
type boolean;
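Review bot: The reworded closing sentence of the CLICON_NACM_RECOVERY_USER description (second hunk) still does not say which CLICON_NACM_CREDENTIALS settings permit impersonation: in "if set to exact for example, this user must exist and be used, otherwise another user ... can pose as the recovery user", the word "otherwise" can attach either to the credentials mode or to the user not existing. The visible tail of the description indicates this user is exempt from all access control enforcement, so the condition should be stated outright, for example `With CLICON_NACM_CREDENTIALS set to exact, the recovery user must exist as a unix user and be the socket peer; with any other setting, another user (such as root or www) can pose as the recovery user.`, if that is the intended meaning. The first hunk removes the recovery/www exception from the exact-mode text, which looks like a behaviour change for deployments where restconf or root reached the backend as the recovery user under exact, so it is worth naming in the description or release notes. The leaf's description begins above the hunk, so the wording should be checked against its opening lines.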