Compare commits
3 Commits
812e09c044
...
14efcc579b
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
14efcc579b | ||
|
|
9104c1770e | ||
|
|
6a2ba02647 |
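--- a/init.sh
+++ b/init.sh
@@ -690,16 +690,21 @@ initUsers()
 sudo systemctl restart docker
 isSuccessful "User $sudo_user_name created successfully."
 fi
-local sudoers_file="/etc/sudoers"
-local sudo_entry="$sudo_user_name ALL=(ALL) NOPASSWD: ALL"
-if ! grep -q "$sudo_entry" $sudoers_file; then
-echo "" | sudo tee -a "$sudoers_file" > /dev/null
-echo "$sudo_entry" | sudo tee -a "$sudoers_file" > /dev/null
-sudo visudo -c > /dev/null
-isSuccessful "Added passwordless sudo entry for user $sudo_user_name."
+# Manager-user sudo lives in a validated /etc/sudoers.d drop-in, not appended
+# to /etc/sudoers — a malformed line in the main file locks out sudo entirely.
+# The grant is broad for now; this single drop-in is what gets tightened to a
+# scoped command allowlist once the runtime no longer needs broad root.
+local sudoers_dropin="/etc/sudoers.d/${sudo_user_name}"
+local sudoers_tmp
+sudoers_tmp=$(mktemp)
+printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$sudo_user_name" > "$sudoers_tmp"
+if sudo visudo -cf "$sudoers_tmp" >/dev/null 2>&1; then
+sudo install -m 0440 -o root -g root "$sudoers_tmp" "$sudoers_dropin"
+isSuccessful "Configured passwordless sudo for $sudo_user_name (/etc/sudoers.d/${sudo_user_name})."
 else
-isSuccessful "Passwordless sudo entry already setup."
+isError "Refusing to install an invalid sudoers drop-in for $sudo_user_name."
 fi
+rm -f "$sudoers_tmp"
 }
 
 initFolders()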
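Review bot: The drop-in file name on the `local sudoers_dropin=` line is taken verbatim from `$sudo_user_name`, and sudo skips files in /etc/sudoers.d whose names contain a `.` or end in `~`, so for such a user name the install succeeds and the success message prints while the grant is never read. Deriving the file name separately, for example `local sudoers_dropin="/etc/sudoers.d/${sudo_user_name//./_}"`, and reusing `$sudoers_dropin` in the success message would avoid the silent no-op. Hosts provisioned by the removed lines presumably still carry the `NOPASSWD: ALL` entry in /etc/sudoers, so the later tightening of this drop-in that the new comment describes will not reduce their privileges unless that legacy line is also removed. initUsers starts above the hunk, so how `$sudo_user_name` is validated before this point is not visible here.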
@ -24,6 +24,7 @@ source_scripts=(
|
|||||||
"source/files/arrays/files_restore.sh"
|
"source/files/arrays/files_restore.sh"
|
||||||
"source/files/arrays/files_setup.sh"
|
"source/files/arrays/files_setup.sh"
|
||||||
"source/files/arrays/files_source.sh"
|
"source/files/arrays/files_source.sh"
|
||||||
|
"source/files/arrays/files_ssh.sh"
|
||||||
"source/files/arrays/files_start.sh"
|
"source/files/arrays/files_start.sh"
|
||||||
"source/files/arrays/files_update.sh"
|
"source/files/arrays/files_update.sh"
|
||||||
"source/files/arrays/files_webui.sh"
|
"source/files/arrays/files_webui.sh"
|
||||||
|
|||||||