Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-16 05:29:13 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix, do user/group modifications in preinst rather than postinst

Browse source
This commit is contained in:
Patrick Schleizer 2019-12-10 03:50:23 -05:00
parent 64ae53edb9
commit d2f6ac0491
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 22 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

22
debian/security-misc.postinst vendored
View file

@ -30,28 +30,6 @@ case "$1" in
;; ;;
esac esac
## /usr/lib/security-misc/hide-hardware-info
addgroup --system sysfs
addgroup --system cpuinfo
## group 'sudo' membership required to use 'su'
## /usr/share/pam-configs/wheel-security-misc
addgroup root sudo
## Related to Console Lockdown.
## /usr/share/pam-configs/console-lockdown-security-misc
## /etc/security/access-security-misc.conf
addgroup --system console
addgroup --system console-unrestricted
addgroup --system ssh
## This has no effect since by default this package also ships and an
## /etc/securetty configuration file that contains nothing but comments, i.e.
## an "empty" /etc/securetty.
## In case a system administrator edits /etc/securetty, there is no need to
## block for this to be still blocked by console lockdown. See also:
## https://www.whonix.org/wiki/Root#Root_Login
addgroup root console
pam-auth-update --package pam-auth-update --package
/usr/lib/security-misc/permission-lockdown /usr/lib/security-misc/permission-lockdown

22
debian/security-misc.preinst vendored
View file

@ -15,6 +15,28 @@ true "
##################################################################### #####################################################################
" "
## /usr/lib/security-misc/hide-hardware-info
addgroup --system sysfs
addgroup --system cpuinfo
## group 'sudo' membership required to use 'su'
## /usr/share/pam-configs/wheel-security-misc
addgroup root sudo
## Related to Console Lockdown.
## /usr/share/pam-configs/console-lockdown-security-misc
## /etc/security/access-security-misc.conf
addgroup --system console
addgroup --system console-unrestricted
addgroup --system ssh
## This has no effect since by default this package also ships and an
## /etc/securetty configuration file that contains nothing but comments, i.e.
## an "empty" /etc/securetty.
## In case a system administrator edits /etc/securetty, there is no need to
## block for this to be still blocked by console lockdown. See also:
## https://www.whonix.org/wiki/Root#Root_Login
addgroup root console
sudo_users_check () { sudo_users_check () {
if command -v "qubesdb-read" &>/dev/null; then if command -v "qubesdb-read" &>/dev/null; then
## Qubes users can use dom0 to get a root terminal emulator. ## Qubes users can use dom0 to get a root terminal emulator.