Univention Bugzilla – Attachment 7536 Details for
Bug 39700
univention-system-activation: On non-master systems, root ssh restrictions are not removed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for setting UCR variables via global array
bug39700-ucr-variables.patch (text/plain), 1.54 KB, created by
Alexander Kläser
on 2016-03-16 05:45:52 CET
(
hide
)
Description:
Patch for setting UCR variables via global array
Filename:
MIME Type:
Creator:
Alexander Kläser
Created:
2016-03-16 05:45:52 CET
Size:
1.54 KB
patch
obsolete
>diff --git a/base/univention-system-activation/scripts/univention-system-activation b/base/univention-system-activation/scripts/univention-system-activation >index ab7427e..577a2ae 100755 >--- a/base/univention-system-activation/scripts/univention-system-activation >+++ b/base/univention-system-activation/scripts/univention-system-activation >@@ -29,20 +29,21 @@ > # /usr/share/common-licenses/AGPL-3; if not, see > # <http://www.gnu.org/licenses/>. > >+UCR=() >+ > function ucr_string(){ >- string="" >+ UCR=() > for service in "gdm" "kdm" "login" "other" "sshd"; do >- for user in "group/Administrators" "group/Domain_Admins" "user/root"; do >- string="$string auth/$service/$user$1" >+ for user in "group/Administrators" "group/Domain Admins" "user/root"; do >+ UCR[${#UCR[@]}]="auth/$service/$user$1" > done > done >- string="$string auth/sudo$1" >- echo $string > /root/log >- echo $string >+ UCR[${#UCR[@]}]="auth/sudo$1" > } > > function allow_root_login() { >- ucr unset --force $(ucr_string "") >+ ucr_string "" >+ ucr unset --force "${UCR[@]}" > > # reset su restrictions > ucr unset --force auth/su/restrict \ >@@ -51,12 +52,14 @@ function allow_root_login() { > # set to the default values, these values are not set > # during the pam installation, because they were set > # in the force layer >- ucr set $(ucr_string "?yes") >+ ucr_string "?yes" >+ ucr set "${UCR[@]}" > } > > function restrict_root_login() { > # disallow root login >- ucr set --force $(ucr_string "=no") >+ ucr_string "=no" >+ ucr set --force "${UCR[@]}" > > # disallow su > ucr set --force auth/su/restrict=yes \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7536">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 39700
:
7455
|
7456
|
7534
| 7536 |
7539