Skip to content

Commit

Permalink
Simplify bash remediation
Browse files Browse the repository at this point in the history 
The group must exist and must be empty. Reduced the number of commands
to achieve these goals.
  • Loading branch information
@marcusburghardt
marcusburghardt committed Oct 11, 2023
1 parent 58afa7c commit 250cc8f
Showing 1 changed file with 1 addition and 6 deletions.
7 changes: 1 addition & 6 deletions ...em/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,4 @@ if ! grep -q "^${var_pam_wheel_group_for_su}:[^:]*:[^:]*:[^:]*" /etc/group; then
fi

# group must be empty
grp_memb=$(groupmems -g ${var_pam_wheel_group_for_su} -l)
if [ -n "${grp_memb}" ]; then
for memb in ${grp_memb}; do
deluser ${memb} ${var_pam_wheel_group_for_su}
done
fi
groupmems -g ${var_pam_wheel_group_for_su} -p

This comment has been minimized.

Sign in to view

Copy link
@mpurg

mpurg Oct 16, 2023

Contributor

This change is breaking on Ubuntu (tested 22.04).
groupmems -g groupname -p hangs with a password prompt even when running as root.
Let me know if you want me to open an issue.

This comment has been minimized.

Sign in to view

Copy link
@marcusburghardt

marcusburghardt Oct 16, 2023

Author Member

Hi @mpurg , thanks for informing this. Do you have any idea on why is the command failing? Does the groupmems -g groupname -l work? It would be good to open an Upstream issue so we can better investigate the issue.

This comment has been minimized.

Sign in to view

Copy link
@mpurg

mpurg Oct 16, 2023

Contributor

Hey @marcusburghardt . I didn't have time to investigate yet. -l works just fine. I'll open the issue tomorrow.

This comment has been minimized.

Sign in to view

Copy link
@mpurg

mpurg Oct 17, 2023

Contributor

Hey @marcusburghardt , issue is at #11208

0 comments on commit 250cc8f

Please sign in to comment.