diff options
Diffstat (limited to 'share')
| -rw-r--r-- | share/libmsec.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/share/libmsec.py b/share/libmsec.py index eb42383..da07664 100644 --- a/share/libmsec.py +++ b/share/libmsec.py @@ -1,5 +1,5 @@ #--------------------------------------------------------------- -# Project : Mandrakelinux +# Project : Mandriva Linux # Module : msec # File : libmsec.py # Version : $Id$ @@ -622,6 +622,33 @@ enable_pam_wheel_for_su.arg_trans = YES_NO_TRANS ################################################################################ +def enable_pam_root_from_wheel(arg): + ''' Allow root access without password for the members of the wheel group.''' + system_auth = ConfigFile.get_config_file(SYSTEM_AUTH) + + if not system_auth.exists(): + return + + val = system_auth.get_match('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$') + + # don't lower security when not changing security level + if same_level(): + if not val: + return + + if arg: + if not val: + _interactive and log(_('Allowing transparent root access for wheel group members')) + system_auth.insert_after('^auth\s+required', 'auth sufficient pam_succeed_if.so use_uid user ingroup wheel') + else: + if val: + _interactive and log(_('Disabling transparent root access for wheel group members')) + system_auth.remove_line_matching('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$') + +enable_pam_root_from_wheel.arg_trans = YES_NO_TRANS + +################################################################################ + def allow_issues(arg): ''' If \\fIarg\\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \\fIarg\\fP = NONE no issues are allowed else only /etc/issue is allowed.''' |