diff options
author | Frederic Lepied <flepied@mandriva.com> | 2005-06-17 09:13:42 +0000 |
---|---|---|
committer | Frederic Lepied <flepied@mandriva.com> | 2005-06-17 09:13:42 +0000 |
commit | 275c1e0bca8115f424a603b658ad46db6cf4c409 (patch) | |
tree | de628389d0092fb910168a896dee2c780a7f1965 | |
parent | 10c93c8b4b867e798e777ed72d8cdd10adb4f236 (diff) | |
download | msec-275c1e0bca8115f424a603b658ad46db6cf4c409.tar msec-275c1e0bca8115f424a603b658ad46db6cf4c409.tar.gz msec-275c1e0bca8115f424a603b658ad46db6cf4c409.tar.bz2 msec-275c1e0bca8115f424a603b658ad46db6cf4c409.tar.xz msec-275c1e0bca8115f424a603b658ad46db6cf4c409.zip |
new function enable_pam_root_from_wheel to allow transparent root access
for the wheel group members.
-rw-r--r-- | share/libmsec.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/share/libmsec.py b/share/libmsec.py index eb42383..da07664 100644 --- a/share/libmsec.py +++ b/share/libmsec.py @@ -1,5 +1,5 @@ #--------------------------------------------------------------- -# Project : Mandrakelinux +# Project : Mandriva Linux # Module : msec # File : libmsec.py # Version : $Id$ @@ -622,6 +622,33 @@ enable_pam_wheel_for_su.arg_trans = YES_NO_TRANS ################################################################################ +def enable_pam_root_from_wheel(arg): + ''' Allow root access without password for the members of the wheel group.''' + system_auth = ConfigFile.get_config_file(SYSTEM_AUTH) + + if not system_auth.exists(): + return + + val = system_auth.get_match('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$') + + # don't lower security when not changing security level + if same_level(): + if not val: + return + + if arg: + if not val: + _interactive and log(_('Allowing transparent root access for wheel group members')) + system_auth.insert_after('^auth\s+required', 'auth sufficient pam_succeed_if.so use_uid user ingroup wheel') + else: + if val: + _interactive and log(_('Disabling transparent root access for wheel group members')) + system_auth.remove_line_matching('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$') + +enable_pam_root_from_wheel.arg_trans = YES_NO_TRANS + +################################################################################ + def allow_issues(arg): ''' If \\fIarg\\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \\fIarg\\fP = NONE no issues are allowed else only /etc/issue is allowed.''' |