From 275c1e0bca8115f424a603b658ad46db6cf4c409 Mon Sep 17 00:00:00 2001 From: Frederic Lepied Date: Fri, 17 Jun 2005 09:13:42 +0000 Subject: new function enable_pam_root_from_wheel to allow transparent root access for the wheel group members. --- share/libmsec.py | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'share') diff --git a/share/libmsec.py b/share/libmsec.py index eb42383..da07664 100644 --- a/share/libmsec.py +++ b/share/libmsec.py @@ -1,5 +1,5 @@ #--------------------------------------------------------------- -# Project : Mandrakelinux +# Project : Mandriva Linux # Module : msec # File : libmsec.py # Version : $Id$ @@ -622,6 +622,33 @@ enable_pam_wheel_for_su.arg_trans = YES_NO_TRANS ################################################################################ +def enable_pam_root_from_wheel(arg): + ''' Allow root access without password for the members of the wheel group.''' + system_auth = ConfigFile.get_config_file(SYSTEM_AUTH) + + if not system_auth.exists(): + return + + val = system_auth.get_match('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$') + + # don't lower security when not changing security level + if same_level(): + if not val: + return + + if arg: + if not val: + _interactive and log(_('Allowing transparent root access for wheel group members')) + system_auth.insert_after('^auth\s+required', 'auth sufficient pam_succeed_if.so use_uid user ingroup wheel') + else: + if val: + _interactive and log(_('Disabling transparent root access for wheel group members')) + system_auth.remove_line_matching('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$') + +enable_pam_root_from_wheel.arg_trans = YES_NO_TRANS + +################################################################################ + def allow_issues(arg): ''' If \\fIarg\\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \\fIarg\\fP = NONE no issues are allowed else only /etc/issue is allowed.''' -- cgit v1.2.1