aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--share/libmsec.py29
1 files changed, 28 insertions, 1 deletions
diff --git a/share/libmsec.py b/share/libmsec.py
index eb42383..da07664 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -1,5 +1,5 @@
#---------------------------------------------------------------
-# Project : Mandrakelinux
+# Project : Mandriva Linux
# Module : msec
# File : libmsec.py
# Version : $Id$
@@ -622,6 +622,33 @@ enable_pam_wheel_for_su.arg_trans = YES_NO_TRANS
################################################################################
+def enable_pam_root_from_wheel(arg):
+ ''' Allow root access without password for the members of the wheel group.'''
+ system_auth = ConfigFile.get_config_file(SYSTEM_AUTH)
+
+ if not system_auth.exists():
+ return
+
+ val = system_auth.get_match('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$')
+
+ # don't lower security when not changing security level
+ if same_level():
+ if not val:
+ return
+
+ if arg:
+ if not val:
+ _interactive and log(_('Allowing transparent root access for wheel group members'))
+ system_auth.insert_after('^auth\s+required', 'auth sufficient pam_succeed_if.so use_uid user ingroup wheel')
+ else:
+ if val:
+ _interactive and log(_('Disabling transparent root access for wheel group members'))
+ system_auth.remove_line_matching('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$')
+
+enable_pam_root_from_wheel.arg_trans = YES_NO_TRANS
+
+################################################################################
+
def allow_issues(arg):
''' If \\fIarg\\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \\fIarg\\fP = NONE no issues are
allowed else only /etc/issue is allowed.'''