Attachment #7536 for bug #39700




# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

UCR=()

function ucr_string(){
	UCR=()
	for service in "gdm" "kdm" "login" "other" "sshd"; do
		for user in "group/Administrators" "group/Domain Admins" "user/root"; do
			UCR[${#UCR[@]}]="auth/$service/$user$1"
		done
	done
	UCR[${#UCR[@]}]="auth/sudo$1"
	echo $string > /root/log
	echo $string
}

function allow_root_login() {
	ucr_string ""
	ucr unset --force "${UCR[@]}"

	# reset su restrictions
	ucr unset --force auth/su/restrict \

	# set to the default values, these values are not set
	# during the pam installation, because they were set
	# in the force layer
	ucr_string "?yes"
	ucr set "${UCR[@]}"
}

function restrict_root_login() {
	# disallow root login
	ucr_string "=no"
	ucr set --force "${UCR[@]}"

	# disallow su
	ucr set --force auth/su/restrict=yes \

Return to bug 39700

Lines 29-48 Link Here

(-)a/base/univention-system-activation/scripts/univention-system-activation (-9 / +12 lines)
29	# /usr/share/common-licenses/AGPL-3; if not, see	29	# /usr/share/common-licenses/AGPL-3; if not, see
30	# <http://www.gnu.org/licenses/>.	30	# <http://www.gnu.org/licenses/>.
31		31
		32	UCR=()
		33
32	function ucr_string(){	34	function ucr_string(){
33	string=""	35	UCR=()
34	for service in "gdm" "kdm" "login" "other" "sshd"; do	36	for service in "gdm" "kdm" "login" "other" "sshd"; do
35	for user in "group/Administrators" "group/Domain_Admins" "user/root"; do	37	for user in "group/Administrators" "group/Domain Admins" "user/root"; do
36	string="$string auth/$service/$user$1"	38	UCR[${#UCR[@]}]="auth/$service/$user$1"
37	done	39	done
38	done	40	done
39	string="$string auth/sudo$1"	41	UCR[${#UCR[@]}]="auth/sudo$1"
40	echo $string > /root/log
41	echo $string
42	}	42	}
43		43
44	function allow_root_login() {	44	function allow_root_login() {
45	ucr unset --force $(ucr_string "")	45	ucr_string ""
		46	ucr unset --force "${UCR[@]}"
46		47
47	# reset su restrictions	48	# reset su restrictions
48	ucr unset --force auth/su/restrict \	49	ucr unset --force auth/su/restrict \
Lines 51-62 function allow_root_login() { Link Here
51	# set to the default values, these values are not set	52	# set to the default values, these values are not set
52	# during the pam installation, because they were set	53	# during the pam installation, because they were set
53	# in the force layer	54	# in the force layer
54	ucr set $(ucr_string "?yes")	55	ucr_string "?yes"
		56	ucr set "${UCR[@]}"
55	}	57	}
56		58
57	function restrict_root_login() {	59	function restrict_root_login() {
58	# disallow root login	60	# disallow root login
59	ucr set --force $(ucr_string "=no")	61	ucr_string "=no"
		62	ucr set --force "${UCR[@]}"
60		63
61	# disallow su	64	# disallow su
62	ucr set --force auth/su/restrict=yes \	65	ucr set --force auth/su/restrict=yes \