Adding sudoers.d file instead of appending to sudoers (#1025)

* Addresses issue #985: Add sudoers.d file instead of appending to sudoers * Fixed comment * Added string safety check for illegal chars before attempting to create a file. * Fixing commentaries * More fixes to the sudoers.d modification: adds an includedir to sudoers if sudoers.d did not exist previously, waits for python to close and release the new rule file before attempting to set its permissions to 440. * Regex fix and better code formatting.
author: Eugênio Pacceli Reis da Fonseca <eugeniofonseca14@gmail.com> 2022-03-07 05:15:14 -0300
committer: GitHub <noreply@github.com> 2022-03-07 09:15:14 +0100
commit: f7aba1d31c0556b38ee48270ba530359bc274ebf (patch)
tree: 49acf578f2479be1f0681f86fa09a625a86bfae9 /archinstall/lib/installer.py
parent: d9d59bee680bddbfacc61ec389b5015f79ff162c (diff)
1 files changed, 27 insertions, 1 deletions
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index 894bcc2a..9060083a 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -956,8 +956,34 @@ class Installer:
 
 	def enable_sudo(self, entity: str, group :bool = False) -> bool:
 		self.log(f'Enabling sudo permissions for {entity}.', level=logging.INFO)
-		with open(f'{self.target}/etc/sudoers', 'a') as sudoers:
+		
+		sudoers_dir = f"{self.target}/etc/sudoers.d"
+		
+		# Creates directory if not exists
+		if not (sudoers_path := pathlib.Path(sudoers_dir)).exists():
+			sudoers_path.mkdir(parents=True)
+			# Guarantees sudoer confs directory recommended perms
+			os.chmod(sudoers_dir, 0o440)
+			# Appends a reference to the sudoers file, because if we are here sudoers.d did not exist yet
+			with open(f'{self.target}/etc/sudoers', 'a') as sudoers:
+				sudoers.write('@includedir /etc/sudoers.d\n')
+		
+		# We count how many files are there already so we know which number to prefix the file with
+		num_of_rules_already = len(os.listdir(sudoers_dir))
+		file_num_str = "{:02d}".format(num_of_rules_already) # We want 00_user1, 01_user2, etc
+
+		# Guarantees that entity str does not contain invalid characters for a linux file name:
+		# \ / : * ? " < > |
+		safe_entity_file_name = re.sub(r'(\\|\/|:|\*|\?|"|<|>|\|)', '', entity)
+
+		rule_file_name = f"{sudoers_dir}/{file_num_str}_{safe_entity_file_name}"
+		
+		with open(rule_file_name, 'a') as sudoers:
 			sudoers.write(f'{"%" if group else ""}{entity} ALL=(ALL) ALL\n')
+		
+		# Guarantees sudoer conf file recommended perms
+		os.chmod(pathlib.Path(rule_file_name), 0o440)
+
 		return True
 
 	def user_create(self, user :str, password :Optional[str] = None, groups :Optional[str] = None, sudo :bool = False) -> None:
author	Eugênio Pacceli Reis da Fonseca <eugeniofonseca14@gmail.com>	2022-03-07 05:15:14 -0300
committer	GitHub <noreply@github.com>	2022-03-07 09:15:14 +0100
commit	f7aba1d31c0556b38ee48270ba530359bc274ebf (patch)
tree	49acf578f2479be1f0681f86fa09a625a86bfae9 /archinstall/lib/installer.py
parent	d9d59bee680bddbfacc61ec389b5015f79ff162c (diff)