Add /etc/local/access.conf symlink
Currently, /etc/security/access.conf is a wild file (not installed by a
package) and has no function (just a copy of
/etc/security/access.conf.sample) with comments only.

/etc/security/access.conf is used by pam_access which is configured for
sshd and most other pam services.

Create a symlink from /etc/security/access.conf to
/etc/local/access.conf, so that we can install a host-specific access
file. This is going to be used to restrict access to certain machines to
trusted users. Such a file could, for example, look like this:

    + : ALL : LOCAL
    + : root (admin) : ALL
    - : ALL : ALL

to allow remote access to root user and the admin group only.

If the target file doesn't exist, which should be the default case,
pam_access doesn't block the authentication.
donald committed Mar 30, 2023
1 parent c11eff1 commit 6d27dca
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions install.sh
Expand Up @@ -264,6 +264,7 @@ for f in libexec_startup/*; do
done
install_data misc_etc_files/request-key.d/id_resolver.conf \
"$DESTDIR$sysconfdir/request-key.d/id_resolver.conf"
install_symlink /etc/local/access.conf "$DESTDIR$sysconfdir/security/access.conf"

postinstall
exit
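
Review bot: the added `install_symlink` line creates a link whose target, /etc/local/access.conf, does not exist by default according to the commit message, so a fresh install carries a dangling symlink and the effective policy rests entirely on how pam_access handles a config file it cannot open. A one-line comment above the call saying that the dangling link is intentional and that a host opts in by creating /etc/local/access.conf would make that explicit for the next reader of install.sh. Two things cannot be judged from this hunk and are worth confirming: that install_symlink replaces the existing regular file at "$DESTDIR$sysconfdir/security/access.conf" on already-installed hosts instead of failing or leaving the old copy in place, and that /etc/local is writable by root only, since a file there now decides who may log in through sshd and the other PAM services. As a style point, the target is hardcoded as /etc/local while the link path uses $sysconfdir, so the two would diverge if sysconfdir is ever set to something other than /etc.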
