From 6665052fe86f6b2335a1504808fd90eee2e6a87e Mon Sep 17 00:00:00 2001
From: Veiko Aasa <veiko17@disroot.org>
Date: Mon, 21 Dec 2020 15:48:36 +0200
Subject: [PATCH] security: Fix access denied for user daemon from cron

When 'restrict console logins' is activated, debsecan hourly cron jobs fail
because the 'daemon' user is not allowed to run cron jobs. Add rule to the
login access control file to allow 'daemon' user to run cron jobs.

Fixes #1770

Tested that after I copied the file to /etc/security/access.d/10freedombox-security.conf,
there are no more debsecan cron job errors in the journalctl logs.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Fioddor Superconcentrado <fioddor@gmail.com>
---
 .../data/etc/security/access.d/10freedombox-security.conf       | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 plinth/modules/security/data/etc/security/access.d/10freedombox-security.conf

diff --git a/plinth/modules/security/data/etc/security/access.d/10freedombox-security.conf b/plinth/modules/security/data/etc/security/access.d/10freedombox-security.conf
new file mode 100644
index 000000000..ae78899bd
--- /dev/null
+++ b/plinth/modules/security/data/etc/security/access.d/10freedombox-security.conf
@@ -0,0 +1,2 @@
+# allow debsecan cron job
++:daemon:cron