Skip to content
Snippets Groups Projects
Commit d9ded258 authored by Thomas Bellman's avatar Thomas Bellman
Browse files

Definition for managing /etc/securetty entries.

This adds a definition console::rootlogin for allowing or forbidding
root logins on specific terminals, i.e. entries in /etc/securetty.
parent 030ca77c
No related branches found
No related tags found
No related merge requests found
# Copyright © 2019 Thomas Bellman, Linköping, Sweden
# Licensed under the GNU LGPL v3+; see the README file for more information.
/*
* Allow or forbid root to login on specific terminals.
* Manages entries in /etc/securetty.
*
* Parameters:
* - name Name of terminal device, without the /dev/ prefix.
* - ensure Wether to 'allow' or 'forbid' root to login on the
* terminal in question.
*/
define console::rootlogin($ensure)
{
case $ensure
{
'allow': {
augeas {
"console::serial::login::securetty::${name}":
incl => '/etc/securetty',
lens => 'Securetty.lns',
context => '/files/etc/securetty',
changes => "set 099 '${name}'",
onlyif => "get *[.='${name}'] != '${name}'";
}
}
'forbid': {
augeas {
"console::serial::login::securetty::${name}":
incl => '/etc/securetty',
lens => 'Securetty.lns',
context => '/files/etc/securetty',
changes => "rm *[.='${name}']";
}
}
default: {
fail("Console::Rootlogin[${title}]: ",
"Bad value for parameter ensure, `${ensure}'")
}
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment