RomanNum3ral
/
archinstall
mirror of https://github.com/archlinux/archinstall.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding sudoers.d file instead of appending to sudoers (#1025) 

* Addresses issue #985: Add sudoers.d file instead of appending to sudoers

* Fixed comment

* Added string safety check for illegal chars before attempting to create a file.

* Fixing commentaries

* More fixes to the sudoers.d modification: adds an includedir to sudoers if sudoers.d did not exist previously, waits for python to close and release the new rule file before attempting to set its permissions to 440.

* Regex fix and better code formatting.
This commit is contained in:
Eugênio Pacceli Reis da Fonseca 2022-03-07 05:15:14 -03:00 committed by GitHub
parent d9d59bee68
commit f7aba1d31c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
archinstall/lib/installer.py
View File

@ -956,8 +956,34 @@ class Installer:
def enable_sudo(self, entity: str, group :bool = False) -> bool:
self.log(f'Enabling sudo permissions for {entity}.', level=logging.INFO)
with open(f'{self.target}/etc/sudoers', 'a') as sudoers:
sudoers_dir = f"{self.target}/etc/sudoers.d"
# Creates directory if not exists
if not (sudoers_path := pathlib.Path(sudoers_dir)).exists():
sudoers_path.mkdir(parents=True)
# Guarantees sudoer confs directory recommended perms
os.chmod(sudoers_dir, 0o440)
# Appends a reference to the sudoers file, because if we are here sudoers.d did not exist yet
with open(f'{self.target}/etc/sudoers', 'a') as sudoers:
sudoers.write('@includedir /etc/sudoers.d\n')
# We count how many files are there already so we know which number to prefix the file with
num_of_rules_already = len(os.listdir(sudoers_dir))
file_num_str = "{:02d}".format(num_of_rules_already) # We want 00_user1, 01_user2, etc
# Guarantees that entity str does not contain invalid characters for a linux file name:
# \ / : * ? " < > |
safe_entity_file_name = re.sub(r'(\\|\/|:|\*|\?|"|<|>|\|)', '', entity)
rule_file_name = f"{sudoers_dir}/{file_num_str}_{safe_entity_file_name}"
with open(rule_file_name, 'a') as sudoers:
sudoers.write(f'{"%" if group else ""}{entity} ALL=(ALL) ALL\n')
# Guarantees sudoer conf file recommended perms
os.chmod(pathlib.Path(rule_file_name), 0o440)
return True
def user_create(self, user :str, password :Optional[str] = None, groups :Optional[str] = None, sudo :bool = False) -> None: