From 482d34825d9176f31187f2d91ecb3cf286ade12d Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Wed, 1 Aug 2018 14:46:38 +0800 Subject: sudo: add PACKAGECONFIG for pam-wheel The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. Add PACKAGECONFIG to enable pam_wheel module for sudo. (From OE-Core rev: 7a46ca79b18527a56de470fcaaf95c870c097cf6) Signed-off-by: Yi Zhao Signed-off-by: Richard Purdie --- meta/recipes-extended/sudo/sudo.inc | 1 + meta/recipes-extended/sudo/sudo_1.8.23.bb | 4 ++++ 2 files changed, 5 insertions(+) (limited to 'meta/recipes-extended/sudo') diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 6e57669a01..69dccde592 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc @@ -19,6 +19,7 @@ inherit autotools PACKAGECONFIG ??= "" PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib" +PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel" CONFFILES_${PN} = "${sysconfdir}/sudoers" diff --git a/meta/recipes-extended/sudo/sudo_1.8.23.bb b/meta/recipes-extended/sudo/sudo_1.8.23.bb index 9756fe26d7..ab9c8cbea2 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.23.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.23.bb @@ -22,6 +22,10 @@ EXTRA_OECONF += " \ do_install_append () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then + echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo + sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + fi fi chmod 4111 ${D}${bindir}/sudo -- cgit v1.2.3-54-g00ecf