nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/actions/security
Joseph Nuthalapati b9c36e41e2
security: Allow console login access to user plinth 
Fixes #1295

This change is necessary to support sudo 1.8.23+ which came with the following
major change:
- PAM account management modules and BSD auth approval modules are now run even
	when no password is required.

Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2018-05-07 12:14:04 -04:00

86 lines
2.7 KiB
Python
Executable File
Raw Permalink Blame History

#!/usr/bin/python3
#
# This file is part of FreedomBox.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""
Helper for security configuration
"""
import argparse
from plinth.modules.security import (ACCESS_CONF_FILE, ACCESS_CONF_SNIPPET,
ACCESS_CONF_SNIPPETS)
def parse_arguments():
"""Return parsed command line arguments as dictionary"""
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
subparsers.add_parser(
'enable-restricted-access',
help='Restrict console login to users in admin or sudo group')
subparsers.add_parser(
'disable-restricted-access',
help='Don\'t restrict console login to users in admin or sudo group')
subparsers.required = True
return parser.parse_args()
def subcommand_enable_restricted_access(_):
"""Restrict console login to users in admin or sudo group."""
with open(ACCESS_CONF_FILE, 'r') as conffile:
lines = conffile.readlines()
is_upgrading = False
with open(ACCESS_CONF_FILE, 'w') as conffile:
for line in lines:
if line.strip() in ACCESS_CONF_SNIPPETS:
conffile.write(ACCESS_CONF_SNIPPET + '\n')
is_upgrading = True
else:
conffile.write(line)
if not is_upgrading:
with open(ACCESS_CONF_FILE, 'a') as conffile:
conffile.write(ACCESS_CONF_SNIPPET + '\n')
def subcommand_disable_restricted_access(_):
"""Don't restrict console login to users in admin or sudo group."""
with open(ACCESS_CONF_FILE, 'r') as conffile:
lines = conffile.readlines()
with open(ACCESS_CONF_FILE, 'w') as conffile:
for line in lines:
if line.strip() not in ACCESS_CONF_SNIPPETS:
conffile.write(line)
def main():
"""Parse arguments and perform all duties"""
arguments = parse_arguments()
subcommand = arguments.subcommand.replace('-', '_')
subcommand_method = globals()['subcommand_' + subcommand]
subcommand_method(arguments)
if __name__ == '__main__':
main()
Reference in New Issue View Git Blame Copy Permalink