it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Exit pam_exec script when not running as root

Browse source 
When terminating screen lock, pam_exec is called in the context of the corresponding user.
Non-root users don't have the permission to start/stop firewalld. So exit immediately.
This commit is contained in:
Raphael Dannecker 2025-02-14 08:45:37 +01:00
parent 8b57bef7f8
commit bde276d962
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
roles/lmn_fvs/files/pam-exec.sh
View file

@ -1,5 +1,8 @@
#!/usr/bin/bash #!/usr/bin/bash
# exit if not running as root. Because other user don't have privileges to start/stop firewalld.
[[ "${UID}" -eq "0" ]] || exit 0
if [[ "${PAM_USER}" =~ -exam$ ]]; then if [[ "${PAM_USER}" =~ -exam$ ]]; then
systemctl start firewalld.service systemctl start firewalld.service
elif ! (users | grep -q -- "-exam"); then elif ! (users | grep -q -- "-exam"); then