authorEugĂȘnio Pacceli Reis da Fonseca <eugeniofonseca14@gmail.com>2022-03-07 05:15:14 -0300
committerGitHub <noreply@github.com>2022-03-07 09:15:14 +0100
commitf7aba1d31c0556b38ee48270ba530359bc274ebf (patch)
tree49acf578f2479be1f0681f86fa09a625a86bfae9 /archinstall/lib
parentd9d59bee680bddbfacc61ec389b5015f79ff162c (diff)
Adding sudoers.d file instead of appending to sudoers (#1025)
* Addresses issue #985: Add sudoers.d file instead of appending to sudoers * Fixed comment * Added string safety check for illegal chars before attempting to create a file. * Fixing commentaries * More fixes to the sudoers.d modification: adds an includedir to sudoers if sudoers.d did not exist previously, waits for python to close and release the new rule file before attempting to set its permissions to 440. * Regex fix and better code formatting.
Diffstat (limited to 'archinstall/lib')
-rw-r--r--archinstall/lib/installer.py28
1 files changed, 27 insertions, 1 deletions
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index 894bcc2a..9060083a 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -956,8 +956,34 @@ class Installer:
def enable_sudo(self, entity: str, group :bool = False) -> bool:
self.log(f'Enabling sudo permissions for {entity}.', level=logging.INFO)
- with open(f'{self.target}/etc/sudoers', 'a') as sudoers:
+
+ sudoers_dir = f"{self.target}/etc/sudoers.d"
+
+ # Creates directory if not exists
+ if not (sudoers_path := pathlib.Path(sudoers_dir)).exists():
+ sudoers_path.mkdir(parents=True)
+ # Guarantees sudoer confs directory recommended perms
+ os.chmod(sudoers_dir, 0o440)
+ # Appends a reference to the sudoers file, because if we are here sudoers.d did not exist yet
+ with open(f'{self.target}/etc/sudoers', 'a') as sudoers:
+ sudoers.write('@includedir /etc/sudoers.d\n')
+
+ # We count how many files are there already so we know which number to prefix the file with
+ num_of_rules_already = len(os.listdir(sudoers_dir))
+ file_num_str = "{:02d}".format(num_of_rules_already) # We want 00_user1, 01_user2, etc
+
+ # Guarantees that entity str does not contain invalid characters for a linux file name:
+ # \ / : * ? " < > |
+ safe_entity_file_name = re.sub(r'(\\|\/|:|\*|\?|"|<|>|\|)', '', entity)
+
+ rule_file_name = f"{sudoers_dir}/{file_num_str}_{safe_entity_file_name}"
+
+ with open(rule_file_name, 'a') as sudoers:
sudoers.write(f'{"%" if group else ""}{entity} ALL=(ALL) ALL\n')
+
+ # Guarantees sudoer conf file recommended perms
+ os.chmod(pathlib.Path(rule_file_name), 0o440)
+
return True
def user_create(self, user :str, password :Optional[str] = None, groups :Optional[str] = None, sudo :bool = False) -> None:
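Review bot: The `re.sub` that builds `safe_entity_file_name` strips only path-style characters, so an entity containing `.` or ending in `~` still produces a file name that sudo's `@includedir` skips, and the rule silently never takes effect. An allowlist such as `safe_entity_file_name = re.sub(r'[^A-Za-z0-9_-]', '_', entity)` avoids that. The same `entity` is written unfiltered into the rule by `sudoers.write(...)`, so it should be validated first (for example, rejected if it contains whitespace or a newline), because every line in that file is parsed as sudoers policy. Separately, `os.chmod(sudoers_dir, 0o440)` clears the search bit on a directory; 0440 is the mode for the rule files, while the directory would normally be `os.chmod(sudoers_dir, 0o750)`. The rule file is also created under the default umask and only tightened to 0440 after the write, so creating it with the restrictive mode up front would close that window.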