refactoring

2024-10-01 08:25:45 -04:00 · 2019-12-10 03:51:39 -05:00 · 2019-12-10 03:51:39 -05:00 · 7d8001ddc9
commit 7d8001ddc9
parent d2f6ac0491
1 changed files with 23 additions and 19 deletions
--- a/debian/security-misc.preinst
+++ b/debian/security-misc.preinst
@ -15,27 +15,29 @@ true "
 #####################################################################
 "
-## /usr/lib/security-misc/hide-hardware-info
+user_groups_modifications() {
-addgroup --system sysfs
+   ## /usr/lib/security-misc/hide-hardware-info
-addgroup --system cpuinfo
+   addgroup --system sysfs
   addgroup --system cpuinfo
-## group 'sudo' membership required to use 'su'
+   ## group 'sudo' membership required to use 'su'
-## /usr/share/pam-configs/wheel-security-misc
+   ## /usr/share/pam-configs/wheel-security-misc
-addgroup root sudo
+   addgroup root sudo
-## Related to Console Lockdown.
+   ## Related to Console Lockdown.
-## /usr/share/pam-configs/console-lockdown-security-misc
+   ## /usr/share/pam-configs/console-lockdown-security-misc
-## /etc/security/access-security-misc.conf
+   ## /etc/security/access-security-misc.conf
-addgroup --system console
+   addgroup --system console
-addgroup --system console-unrestricted
+   addgroup --system console-unrestricted
-addgroup --system ssh
+   addgroup --system ssh
-## This has no effect since by default this package also ships and an
+   ## This has no effect since by default this package also ships and an
-## /etc/securetty configuration file that contains nothing but comments, i.e.
+   ## /etc/securetty configuration file that contains nothing but comments, i.e.
-## an "empty" /etc/securetty.
+   ## an "empty" /etc/securetty.
-## In case a system administrator edits /etc/securetty, there is no need to
+   ## In case a system administrator edits /etc/securetty, there is no need to
-## block for this to be still blocked by console lockdown. See also:
+   ## block for this to be still blocked by console lockdown. See also:
-## https://www.whonix.org/wiki/Root#Root_Login
+   ## https://www.whonix.org/wiki/Root#Root_Login
-addgroup root console
+   addgroup root console
 }
 sudo_users_check () {
   if command -v "qubesdb-read" &>/dev/null; then
@ -162,6 +164,8 @@ ssh_users_check() {
   fi
 }
 user_groups_modifications
 if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
   sudo_users_check
   console_users_check