new function enable_pam_root_from_wheel to allow transparent root access

for the wheel group members.

1 files changed, 28 insertions, 1 deletions

diff --git a/share/libmsec.py b/share/libmsec.py
index eb42383..da07664 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -1,5 +1,5 @@
 #---------------------------------------------------------------
-# Project         : Mandrakelinux
+# Project         : Mandriva Linux
 # Module          : msec
 # File            : libmsec.py
 # Version         : $Id$
@@ -622,6 +622,33 @@ enable_pam_wheel_for_su.arg_trans = YES_NO_TRANS
 
 ################################################################################
 
+def enable_pam_root_from_wheel(arg):
+    '''   Allow root access without password for the members of the wheel group.'''
+    system_auth = ConfigFile.get_config_file(SYSTEM_AUTH)
+
+    if not system_auth.exists():
+        return
+
+    val = system_auth.get_match('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$')
+    
+    # don't lower security when not changing security level
+    if same_level():
+        if not val:
+            return
+
+    if arg:
+        if not val:
+            _interactive and log(_('Allowing transparent root access for wheel group members'))
+            system_auth.insert_after('^auth\s+required', 'auth	    sufficient    pam_succeed_if.so use_uid user ingroup wheel')
+    else:
+        if val:
+            _interactive and log(_('Disabling transparent root access for wheel group members'))
+            system_auth.remove_line_matching('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$')
+
+enable_pam_root_from_wheel.arg_trans = YES_NO_TRANS
+
+################################################################################
+
 def allow_issues(arg):
     '''  If \\fIarg\\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \\fIarg\\fP = NONE no issues are
 allowed else only /etc/issue is allowed.'''