#!/bin/sh
#
# Configure sudo.
#
# Add standard administrator's group 'wheel' into sudoers.
# If variable ARCH_SETUP_SUDO_NOPASSWD is defined and non-empty, then sudo is
# allowed without a password.
#
# The default /etc/sudoers typically ends with something like this:
#
# ##
# ## User privilege specification
# ##
# root ALL=(ALL:ALL) ALL
#
# ## Uncomment to allow members of group wheel to execute any command
# # %wheel ALL=(ALL:ALL) ALL
#
# ## Same thing without a password
# # %wheel ALL=(ALL:ALL) NOPASSWD: ALL
#
# ## Uncomment to allow members of group sudo to execute any command
# # %sudo ALL=(ALL:ALL) ALL
#
# ## Uncomment to allow any user to run sudo if they know the password
# ## of the user they are running the command as (root by default).
# # Defaults targetpw # Ask for the password of the target user
# # ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
#
# ## Read drop-in files from /etc/sudoers.d
# @includedir /etc/sudoers.d
#
# Older versions used "ALL=(ALL) ALL" syntax instead of "ALL=(ALL:ALL) ALL", which
# allowed sudo as any user but only the primary group (normally root).
# For completeness, newer versions include references to both groups wheel
# and sudo, but wheel is the traditional group that is used by Arch (sudo
# was introduced by Debian and is also used on Ubuntu).
#
# Here we just look for an uncommented line referring to the %wheel group,
# and if one is found we assume it is already configured, without further checks.
# If not found we create a new file /etc/sudoers.d/wheel and write the
# corresponding line in there. Hard to make this very robust, with regards
# to possible file edits, additional files in sudoers.d etc.
#
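# Verify running as root (not relying on sudo which may not be installed yet).
# EUID is a bash variable that other /bin/sh implementations may not set, so
# fall back to id(1) when it is empty or unset.
current_uid=${EUID:-$(id -u)}
# Fail closed: the script continues only when the "equals 0" test succeeds.
# An empty or non-numeric value (for example when id fails) makes the test
# error out, and the negation turns that error into a refusal instead of
# letting the script carry on as if it were root.
if ! [ "$current_uid" -eq 0 ]; then
  echo 'Please run this script as root' >&2
  exit 1
fi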
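# Check if sudoers file seems to have configured wheel group, if not then
# add configuration in separate config file /etc/sudoers.d/wheel, unless it already exists.
#
# Notes for maintainers:
# - A grep failure (for example /etc/sudoers missing or unreadable) is treated
#   the same as "no uncommented %wheel line found" and falls through to the
#   drop-in file checks.
# - Both "Skipping" branches leave the existing policy untouched, whatever
#   ARCH_SETUP_SUDO_NOPASSWD says; the existing lines are printed so the
#   operator can see which policy is actually in effect.
sudoers_main=/etc/sudoers
wheel_dropin=/etc/sudoers.d/wheel

if grep --quiet --extended-regexp '^\s*%wheel\s+' "$sudoers_main"; then # Any configuration of the wheel group uncommented in main config file?
  echo "Skipping sudoers update: Group wheel is already configured"
  grep --extended-regexp '^(\s|#)*%wheel\s+' "$sudoers_main" # Show all, commented or not!
elif [ -f "$wheel_dropin" ]; then
  echo "Skipping sudoers update: File /etc/sudoers.d/wheel already exists"
  cat "$wheel_dropin"
else
  if [ -z "${ARCH_SETUP_SUDO_NOPASSWD:-}" ]; then
    echo "Creating /etc/sudoers.d/wheel adding group wheel to sudoers"
    wheel_rule='%wheel ALL=(ALL:ALL) ALL'
  else
    # NOPASSWD removes the re-authentication step: anything running as a
    # member of wheel can become root without a password prompt. Set
    # ARCH_SETUP_SUDO_NOPASSWD only where that trade-off is intended.
    echo "Creating /etc/sudoers.d/wheel adding group wheel without requiring password to sudoers"
    wheel_rule='%wheel ALL=(ALL:ALL) NOPASSWD: ALL'
  fi

  # umask 0337 makes the newly created file mode 0440 (read-only for owner
  # and group, nothing for others). tee also echoes the written rule to stdout.
  # Abort with tee's status if the write fails.
  (umask 0337 && printf '%s\n' "$wheel_rule" | tee "$wheel_dropin") || exit

  # Syntax-check the new drop-in when visudo is available, and remove the file
  # if the check fails so a rejected drop-in does not stay in sudoers.d.
  # When visudo is not installed the check is skipped.
  if command -v visudo >/dev/null 2>&1 && ! visudo -c -f "$wheel_dropin"; then
    echo "Validation of $wheel_dropin failed; removing it" >&2
    rm -f -- "$wheel_dropin"
    exit 1
  fi
fi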