void-mklive

fix: sed execution for sudoers

Open hervyqa opened this issue 3 years ago • 1 comments

installer.sh.in sed cannot be executed if using (ALL) only, because currently sudoers uses (ALL:ALL). But I'm not sure that clouds.sh and vagrant.sh need to be changed too.

hervyqa, Jul 11 '22 01:07

This should probably be changed to drop a file in /etc/sudoers.d/. Using sed on whatever default configuration sudo will ship at the time of installation seems fragile.

Duncaen, Aug 12 '22 21:08

@Duncaen how's this look? (building off of what's already in this PR)

diff --git a/dracut/vmklive/adduser.sh b/dracut/vmklive/adduser.sh
index 344c37c..a106340 100644
--- a/dracut/vmklive/adduser.sh
+++ b/dracut/vmklive/adduser.sh
@@ -32,7 +32,7 @@ chroot ${NEWROOT} sh -c "echo "$USERNAME:voidlinux" | chpasswd -c SHA512"
 
 # Enable sudo permission by default.
 if [ -f ${NEWROOT}/etc/sudoers ]; then
-    echo "${USERNAME} ALL=(ALL:ALL) NOPASSWD: ALL" >> ${NEWROOT}/etc/sudoers
+    echo "${USERNAME} ALL=(ALL:ALL) NOPASSWD: ALL" > "${NEWROOT}/etc/sudoers.d/99-void-live"
 fi
 
 if [ -d ${NEWROOT}/etc/polkit-1 ]; then
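
Review bot: the guard on the `if` line still tests for `${NEWROOT}/etc/sudoers`, while the write now goes to `${NEWROOT}/etc/sudoers.d/99-void-live`, so the redirect fails when the directory is missing even though the main file exists. Test `[ -d "${NEWROOT}/etc/sudoers.d" ]` instead, as the installer.sh.in change does. Because this file grants `NOPASSWD: ALL`, also set its mode explicitly (chmod 0440) after writing it rather than inheriting whatever umask the hook runs with.
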
diff --git a/installer.sh.in b/installer.sh.in
index fe000de..bcd50ca 100644
--- a/installer.sh.in
+++ b/installer.sh.in
@@ -1246,7 +1246,7 @@ ${BOLD}Do you want to continue?${RESET}" 20 80 || return
         # Remove live user.
         echo "Removing $USERNAME live user from targetdir ..." >$LOG
         chroot $TARGETDIR userdel -r $USERNAME >$LOG 2>&1
-        sed -i -e "/$USERNAME ALL=.*/d" $TARGETDIR/etc/sudoers
+        rm -f $TARGETDIR/etc/sudoers.d/99-void-live
         TITLE="Check $LOG for details ..."
         INFOBOX "Rebuilding initramfs for target ..." 4 60
         echo "Rebuilding initramfs for target ..." >$LOG
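
Review bot: `rm -f $TARGETDIR/etc/sudoers.d/99-void-live` depends on a filename that is created in dracut/vmklive/adduser.sh, and `-f` hides the case where the two have drifted apart, which would leave the live user's `NOPASSWD: ALL` rule on the installed system without any trace in $LOG. Add a comment in both places pointing at the other (or a shared name), quote `"$TARGETDIR"`, and log when the file was expected but not found.
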
@@ -1311,16 +1311,15 @@ ${BOLD}Do you want to continue?${RESET}" 20 80 || return
         fi
     fi
 
-    if [ -f $TARGETDIR/etc/sudoers ]; then
+    if [ -d $TARGETDIR/etc/sudoers.d ]; then
         USERLOGIN="$(get_option USERLOGIN)"
         if [ -z "$(echo $(get_option USERGROUPS) | grep -w wheel)" -a -n "$USERLOGIN" ]; then
             # enable sudo for primary user USERLOGIN who is not member of wheel
-            echo "# Enable sudo for login '$USERLOGIN'" >> $TARGETDIR/etc/sudoers
-            echo "$USERLOGIN ALL=(ALL:ALL) ALL" >> $TARGETDIR/etc/sudoers
+            echo "# Enable sudo for login '$USERLOGIN'" > "$TARGETDIR/etc/sudoers.d/$USERLOGIN"
+            echo "$USERLOGIN ALL=(ALL:ALL) ALL" >> "$TARGETDIR/etc/sudoers.d/$USERLOGIN"
         else
             # enable the sudoers entry for members of group wheel
-            sed -i $TARGETDIR/etc/sudoers \
-                -e "s;#.*%wheel ALL=(ALL:ALL) ALL;%wheel ALL=(ALL:ALL) ALL;"
+            echo "%wheel ALL=(ALL:ALL) ALL" > "$TARGETDIR/etc/sudoers.d/wheel"
         fi
         unset USERLOGIN
     fi
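
Review bot: `"$TARGETDIR/etc/sudoers.d/$USERLOGIN"` uses the login as the filename, and sudo skips files in an included directory whose names contain a `.` or end in `~`, so a login such as `first.last` would produce a file that is silently ignored and a primary user without sudo. Write to a fixed name that does not depend on user input, and check the result with `visudo -c -f` on the new file before finishing. The `wheel` file also has no ordering prefix, unlike `99-void-live`; pick one naming scheme for all three drop-ins.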

classabbyamp, Sep 02 '22 23:09

lgtm

Duncaen, Sep 02 '22 23:09

Tested & working for all cases of the installer, but I'm not sure how to test the clouds/vagrant scripts.

classabbyamp, Sep 03 '22 01:09