authorFrederic Lepied <flepied@mandriva.com>2005-06-17 09:13:42 +0000
committerFrederic Lepied <flepied@mandriva.com>2005-06-17 09:13:42 +0000
commit275c1e0bca8115f424a603b658ad46db6cf4c409 (patch)
treede628389d0092fb910168a896dee2c780a7f1965
parent10c93c8b4b867e798e777ed72d8cdd10adb4f236 (diff)
new function enable_pam_root_from_wheel to allow transparent root access
for the wheel group members.
-rw-r--r--share/libmsec.py29
1 files changed, 28 insertions, 1 deletions
diff --git a/share/libmsec.py b/share/libmsec.py
index eb42383..da07664 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -1,5 +1,5 @@
#---------------------------------------------------------------
-# Project : Mandrakelinux
+# Project : Mandriva Linux
# Module : msec
# File : libmsec.py
# Version : $Id$
@@ -622,6 +622,33 @@ enable_pam_wheel_for_su.arg_trans = YES_NO_TRANS
################################################################################
+def enable_pam_root_from_wheel(arg):
+ ''' Allow root access without password for the members of the wheel group.'''
+ system_auth = ConfigFile.get_config_file(SYSTEM_AUTH)
+
+ if not system_auth.exists():
+ return
+
+ val = system_auth.get_match('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$')
+
+ # don't lower security when not changing security level
+ if same_level():
+ if not val:
+ return
+
+ if arg:
+ if not val:
+ _interactive and log(_('Allowing transparent root access for wheel group members'))
+ system_auth.insert_after('^auth\s+required', 'auth sufficient pam_succeed_if.so use_uid user ingroup wheel')
+ else:
+ if val:
+ _interactive and log(_('Disabling transparent root access for wheel group members'))
+ system_auth.remove_line_matching('^auth\s+sufficient\s+pam_succeed_if.so\s+use_uid\s+user\s+ingroup\s+wheel\s*$')
+
+enable_pam_root_from_wheel.arg_trans = YES_NO_TRANS
+
+################################################################################
+
def allow_issues(arg):
''' If \\fIarg\\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \\fIarg\\fP = NONE no issues are
allowed else only /etc/issue is allowed.'''
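Review bot: The inserted rule `auth sufficient pam_succeed_if.so use_uid user ingroup wheel` is written into SYSTEM_AUTH, which by its name looks like the auth stack shared by every PAM service rather than su alone, so it reaches further than the docstring's "root access without password for the members of the wheel group". With `use_uid` the group test applies to the account the calling process runs under, not the user being authenticated; for services that run as root (which services include this file needs to be confirmed) the test would pass whenever root itself is in wheel, and `sufficient` then skips the password modules that follow. The rule should be confined to the su service file, i.e. `ConfigFile.get_config_file(<su PAM file constant>)` in place of `SYSTEM_AUTH` (placeholder, the constant is not visible in this hunk), and the docstring should state that scope explicitly. Separately, the match pattern is duplicated in `get_match` and `remove_line_matching` and written as a non-raw string with an unescaped dot in `pam_succeed_if.so`; one module-level `r'...'` constant would keep detection and removal in sync.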