From b5e57c4ffc2d20b7245138cc6700f090c0ba251e Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Tue, 24 Sep 2024 14:10:32 -0700 Subject: [PATCH] security: Remove PAM configuration for 'access' module - This was supposed to removed in MR #2309 in the commit 253540fb3d12254c920b632cc484be6a79d27229. It was overlooked. - Version number of users app has not been incremented as it has already been incremented in this release. Tests: - There is no directory /etc/security/access.conf.d. - There are not directives in /etc/security/access.conf that are not commented out. - After applying the patch (assuming previously setup version is 24.20) and manually removing the destination file, app setup for users app runs. It succeeds. /etc/pam.d/common-account no longer contains the line 'account required pam_access.so'. - After the upgrade, users who are root and non-root are able to login via SSH and Cockpit. After a reboot, users are able to login via SSH and Cockpit. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- .../security/data/usr/share/pam-configs/access-freedombox | 6 ------ plinth/modules/users/privileged.py | 2 +- 2 files changed, 1 insertion(+), 7 deletions(-) delete mode 100644 plinth/modules/security/data/usr/share/pam-configs/access-freedombox diff --git a/plinth/modules/security/data/usr/share/pam-configs/access-freedombox b/plinth/modules/security/data/usr/share/pam-configs/access-freedombox deleted file mode 100644 index 19e6d2c46..000000000 --- a/plinth/modules/security/data/usr/share/pam-configs/access-freedombox +++ /dev/null @@ -1,6 +0,0 @@ -Name: Restrict login using access control table file -Default: yes -Priority: 0 -Account-Type: Additional -Account-Final: - required pam_access.so diff --git a/plinth/modules/users/privileged.py b/plinth/modules/users/privileged.py index 7efb38fb2..23598b6b2 100644 --- a/plinth/modules/users/privileged.py +++ b/plinth/modules/users/privileged.py @@ -60,7 +60,7 @@ def first_setup(): @privileged def setup(): """Setup LDAP.""" - # Update pam configs for access and mkhomedir. + # Update pam config for mkhomedir. subprocess.run(['pam-auth-update', '--package'], check=True) _configure_ldapscripts()