From 6d27dcad5f985979ac56e4c6da682558590cedd6 Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Thu, 30 Mar 2023 17:17:30 +0200
Subject: [PATCH] Add /etc/local/access.conf symlink

Currently, /etc/security/access.conf is a wild file (not installed by a package) and has no function (just a copy of /etc/security/access.conf.sample) with comments only. /etc/security/access.conf is used by pam_access which is configured for sshd and most other pam services. Create a symlink from /etc/security/access.conf to /etc/local/access.conf, so that we can install a host specific access file. This is going to be used to restrict access to certain machines to trusted users. Such a file could, for example, look like this:
 + : ALL : LOCAL
 + : root (admin) : ALL
 - : ALL : ALL
to allow remote access to root user and the admin group only. If the target file doesn't exists, which should be the default case, pam_access doesn't block the authentication.
---
 install.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install.sh b/install.sh
index 17e909b..1b14c4f 100755
--- a/install.sh
+++ b/install.sh
@@ -264,6 +264,7 @@ for f in libexec_startup/*; do
 done
 install_data misc_etc_files/request-key.d/id_resolver.conf \
 "$DESTDIR$sysconfdir/request-key.d/id_resolver.conf"
+install_symlink /etc/local/access.conf "$DESTDIR$sysconfdir/security/access.conf"
 postinstall
 exit
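Review bot: The added `install_symlink` line leaves host access control failing open: the link dangles until a host-specific `/etc/local/access.conf` is deployed, and per the commit message pam_access then does not block anything, so a missing or failed deployment removes the restriction without any install-time signal. `install_symlink` is defined outside this hunk, so it is not visible whether it replaces an existing regular `/etc/security/access.conf`; if it does, a host that already carried local rules there would lose them silently, and checking that the old file still matches `access.conf.sample` before replacing it would be safer. I would add a comment above the line, `# Dangling by default: pam_access treats a missing access.conf as "no rules" (fail open); /etc/local must be writable by root only.` The link target is also hard-coded to `/etc/local` while the link location follows `$sysconfdir`, which looks inconsistent if `sysconfdir` is ever not `/etc`.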