Page MenuHomeVyOS Platform

Documentation has reference to the old 'user x level admin' option
Closed, ResolvedPublicBUG

Description

https://vyos.readthedocs.io/en/latest/quick-start.html#hardening

contains:

set system login user myvyosuser level admin

which is no longer required or possible

Details

Difficulty level
Easy (less than an hour)
Version
latest, as of 2020-04-03
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

varesa created this task.Apr 3 2020, 8:14 PM
njh added a subscriber: njh.

I have just done a bit of background research to understand this change, after I noticed that the level option was deleted from my VyOS config.

The documentation originally stated:

VyOS defines what users can do on a system by having two privilege levels: operator and admin.

Then on the 1st November 2017 Daniil Baturin wrote a blog post entitled The "operator" level is proved insecure and will be removed in the next releases:

https://blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-next-releases

The following ticket was raised to handle "migrate operator accounts to admin accounts and remove the option to setup an operator account":

Finally the level node was dropped from user because only a single value of admin is allowed:

https://phabricator.vyos.net/R3:62596a64f2155208075352024f5279e723e667e0

However I am not quite sure why the work was done against the T1948 ticket, which is about RADIUS being broken.

These pages also needs updating:

pasik added a subscriber: pasik.May 25 2020, 7:08 AM
dmbaturin closed this task as Resolved.Aug 20 2020, 3:32 PM
dmbaturin claimed this task.