|
29 |
# /usr/share/common-licenses/AGPL-3; if not, see |
29 |
# /usr/share/common-licenses/AGPL-3; if not, see |
30 |
# <http://www.gnu.org/licenses/>. |
30 |
# <http://www.gnu.org/licenses/>. |
31 |
|
31 |
|
|
|
32 |
function allow_root_login() { |
33 |
ucr unset --force auth/gdm/user/root \ |
34 |
auth/kdm/user/root \ |
35 |
auth/login/user/root \ |
36 |
auth/other/user/root \ |
37 |
auth/sshd/user/root |
38 |
|
39 |
# reset su restrictions |
40 |
ucr unset --force auth/su/restrict \ |
41 |
auth/su/user/root |
42 |
|
43 |
# set to the default values, these values are not set |
44 |
# during the pam installation, because they were set |
45 |
# in the force layer |
46 |
ucr set auth/gdm/user/root?yes \ |
47 |
auth/kdm/user/root?yes \ |
48 |
auth/login/user/root?yes \ |
49 |
auth/other/user/root?yes \ |
50 |
auth/sshd/user/root?yes |
51 |
} |
52 |
|
53 |
function restrict_root_login() { |
54 |
# disallow root login |
55 |
ucr set --force auth/gdm/user/root=no \ |
56 |
auth/kdm/user/root=no \ |
57 |
auth/login/user/root=no \ |
58 |
auth/other/user/root=no \ |
59 |
auth/sshd/user/root=no |
60 |
|
61 |
# disallow su |
62 |
ucr set --force auth/su/restrict=yes \ |
63 |
auth/su/user/root=no |
64 |
} |
65 |
|
32 |
if [ $# -eq 0 -o "$1" = "-h" -o "$1" = "--help" ]; then |
66 |
if [ $# -eq 0 -o "$1" = "-h" -o "$1" = "--help" ]; then |
33 |
echo |
67 |
echo |
34 |
echo "When started, deactivates all access to the UCS and enforces the" |
68 |
echo "When started, deactivates all access to the UCS and enforces the" |
|
62 |
# disable sites |
96 |
# disable sites |
63 |
a2dissite ${active_sites[@]} |
97 |
a2dissite ${active_sites[@]} |
64 |
|
98 |
|
|
|
99 |
restrict_root_login |
100 |
|
65 |
# enable system activation site configuration and reload apache |
101 |
# enable system activation site configuration and reload apache |
66 |
a2ensite univention-system-activation |
102 |
a2ensite univention-system-activation |
67 |
/etc/init.d/apache2 reload |
103 |
/etc/init.d/apache2 reload |
|
84 |
# unset previously stored sites |
120 |
# unset previously stored sites |
85 |
ucr unset apache2/system_activation/sites |
121 |
ucr unset apache2/system_activation/sites |
86 |
|
122 |
|
87 |
# allow root login again |
123 |
allow_root_login |
88 |
ucr unset --force auth/gdm/user/root \ |
|
|
89 |
auth/kdm/user/root \ |
90 |
auth/login/user/root \ |
91 |
auth/other/user/root \ |
92 |
auth/sshd/user/root |
93 |
|
124 |
|
94 |
# reset su restrictions |
|
|
95 |
ucr unset --force auth/su/restrict \ |
96 |
auth/su/user/root |
97 |
|
98 |
# set to the default values, these values are not set |
99 |
# during the pam installation, because they were set |
100 |
# in the force layer |
101 |
ucr set auth/gdm/user/root?yes \ |
102 |
auth/kdm/user/root?yes \ |
103 |
auth/login/user/root?yes \ |
104 |
auth/other/user/root?yes \ |
105 |
auth/sshd/user/root?yes |
106 |
|
107 |
# apache reload as last step |
125 |
# apache reload as last step |
108 |
/etc/init.d/apache2 reload |
126 |
/etc/init.d/apache2 reload |
|
|
127 |
elif [ "$ACTION" == "allow-root" ]; then |
128 |
allow_root_login |
129 |
elif [ "$ACTION" == "restrict-root" ]; then |
130 |
restrict_root_login |
109 |
else |
131 |
else |
110 |
echo |
132 |
echo |
111 |
echo "ERROR: Unknown action given" |
133 |
echo "ERROR: Unknown action given" |
112 |
echo |
134 |
echo |
113 |
exit 1 |
135 |
exit 1 |
114 |
fi |
136 |
fi |
115 |
|
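Review bot: `allow_root_login` (new lines 32–51) removes every forced `auth/*/user/root` and `auth/su/*` value, not only the ones `restrict_root_login` wrote, and the new standalone `allow-root` action (new lines 127–128) makes that reachable outside the activation flow. As far as the visible lines show, nothing records whether those keys were already forced before the restriction, so a host hardened with a forced `auth/sshd/user/root=no` would lose that setting; the `?yes` assignments that follow only fill keys that are unset. At minimum say so above the function, e.g. `# NOTE: drops all forced auth/*/user/root and auth/su/* values, including ones set before restrict_root_login ran`. Separately, the call at new line 99 ignores the result of `ucr set --force`; unless the script runs under `set -e`, which is not visible here, `restrict_root_login || exit 1` would keep the activation site from being enabled while root login is still open.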
|
|