Verified Commit daeec052 authored by Sunil Mohan Adapa's avatar Sunil Mohan Adapa Committed by James Valleroy

security: Fix issue with Plinth locked out from sudo

Signed-off-by: Sunil Mohan Adapa's avatarSunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati's avatarJoseph Nuthalapati <njoseph@thoughtworks.com>
parent fded8e57
......@@ -5,6 +5,12 @@ set -e
daemonuser=plinth
daemongroup=plinth
# Due to a change in sudo, now it runs PAM modules even on password-less
# invocations. This leads to plinth not being able to run root privileges. This
# is because of our own restrictions in /etc/security/access.conf. Since Plinth
# is locked out after upgrade, we need to do this in postinst.
sed -ie 's+-:ALL EXCEPT root fbx (admin) (sudo):ALL+-:ALL EXCEPT root fbx plinth (admin) (sudo):ALL+' /etc/security/access.conf
case "$1" in
configure)
addgroup --system --quiet plinth
......
......@@ -23,7 +23,7 @@ from django.utils.translation import ugettext_lazy as _
from plinth import actions
from plinth.menu import main_menu
version = 3
version = 4
is_essential = True
......@@ -50,7 +50,11 @@ def init():
def setup(helper, old_version=None):
"""Install the required packages"""
helper.install(managed_packages)
setup_fail2ban()
if not old_version:
setup_fail2ban()
if get_restricted_access_enabled():
set_restricted_access(True)
def setup_fail2ban():
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment