|
29 |
# /usr/share/common-licenses/AGPL-3; if not, see |
29 |
# /usr/share/common-licenses/AGPL-3; if not, see |
30 |
# <http://www.gnu.org/licenses/>. |
30 |
# <http://www.gnu.org/licenses/>. |
31 |
|
31 |
|
|
|
32 |
UCR=() |
33 |
|
32 |
function ucr_string(){ |
34 |
function ucr_string(){ |
33 |
string="" |
35 |
UCR=() |
34 |
for service in "gdm" "kdm" "login" "other" "sshd"; do |
36 |
for service in "gdm" "kdm" "login" "other" "sshd"; do |
35 |
for user in "group/Administrators" "group/Domain_Admins" "user/root"; do |
37 |
for user in "group/Administrators" "group/Domain Admins" "user/root"; do |
36 |
string="$string auth/$service/$user$1" |
38 |
UCR[${#UCR[@]}]="auth/$service/$user$1" |
37 |
done |
39 |
done |
38 |
done |
40 |
done |
39 |
string="$string auth/sudo$1" |
41 |
UCR[${#UCR[@]}]="auth/sudo$1" |
40 |
echo $string > /root/log |
|
|
41 |
echo $string |
42 |
} |
42 |
} |
43 |
|
43 |
|
44 |
function allow_root_login() { |
44 |
function allow_root_login() { |
45 |
ucr unset --force $(ucr_string "") |
45 |
ucr_string "" |
|
|
46 |
ucr unset --force "${UCR[@]}" |
46 |
|
47 |
|
47 |
# reset su restrictions |
48 |
# reset su restrictions |
48 |
ucr unset --force auth/su/restrict \ |
49 |
ucr unset --force auth/su/restrict \ |
Lines 51-62
function allow_root_login() {
|
Link Here
|
---|
|
51 |
# set to the default values, these values are not set |
52 |
# set to the default values, these values are not set |
52 |
# during the pam installation, because they were set |
53 |
# during the pam installation, because they were set |
53 |
# in the force layer |
54 |
# in the force layer |
54 |
ucr set $(ucr_string "?yes") |
55 |
ucr_string "?yes" |
|
|
56 |
ucr set "${UCR[@]}" |
55 |
} |
57 |
} |
56 |
|
58 |
|
57 |
function restrict_root_login() { |
59 |
function restrict_root_login() { |
58 |
# disallow root login |
60 |
# disallow root login |
59 |
ucr set --force $(ucr_string "=no") |
61 |
ucr_string "=no" |
|
|
62 |
ucr set --force "${UCR[@]}" |
60 |
|
63 |
|
61 |
# disallow su |
64 |
# disallow su |
62 |
ucr set --force auth/su/restrict=yes \ |
65 |
ucr set --force auth/su/restrict=yes \ |