From f7aba1d31c0556b38ee48270ba530359bc274ebf Mon Sep 17 00:00:00 2001 From: EugĂȘnio Pacceli Reis da Fonseca Date: Mon, 7 Mar 2022 05:15:14 -0300 Subject: Adding sudoers.d file instead of appending to sudoers (#1025) * Addresses issue #985: Add sudoers.d file instead of appending to sudoers * Fixed comment * Added string safety check for illegal chars before attempting to create a file. * Fixing commentaries * More fixes to the sudoers.d modification: adds an includedir to sudoers if sudoers.d did not exist previously, waits for python to close and release the new rule file before attempting to set its permissions to 440. * Regex fix and better code formatting. --- archinstall/lib/installer.py | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'archinstall/lib/installer.py') diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py index 894bcc2a..9060083a 100644 --- a/archinstall/lib/installer.py +++ b/archinstall/lib/installer.py @@ -956,8 +956,34 @@ class Installer: def enable_sudo(self, entity: str, group :bool = False) -> bool: self.log(f'Enabling sudo permissions for {entity}.', level=logging.INFO) - with open(f'{self.target}/etc/sudoers', 'a') as sudoers: + + sudoers_dir = f"{self.target}/etc/sudoers.d" + + # Creates directory if not exists + if not (sudoers_path := pathlib.Path(sudoers_dir)).exists(): + sudoers_path.mkdir(parents=True) + # Guarantees sudoer confs directory recommended perms + os.chmod(sudoers_dir, 0o440) + # Appends a reference to the sudoers file, because if we are here sudoers.d did not exist yet + with open(f'{self.target}/etc/sudoers', 'a') as sudoers: + sudoers.write('@includedir /etc/sudoers.d\n') + + # We count how many files are there already so we know which number to prefix the file with + num_of_rules_already = len(os.listdir(sudoers_dir)) + file_num_str = "{:02d}".format(num_of_rules_already) # We want 00_user1, 01_user2, etc + + # Guarantees that entity str does not contain invalid characters for a linux file name: + # \ / : * ? " < > | + safe_entity_file_name = re.sub(r'(\\|\/|:|\*|\?|"|<|>|\|)', '', entity) + + rule_file_name = f"{sudoers_dir}/{file_num_str}_{safe_entity_file_name}" + + with open(rule_file_name, 'a') as sudoers: sudoers.write(f'{"%" if group else ""}{entity} ALL=(ALL) ALL\n') + + # Guarantees sudoer conf file recommended perms + os.chmod(pathlib.Path(rule_file_name), 0o440) + return True def user_create(self, user :str, password :Optional[str] = None, groups :Optional[str] = None, sudo :bool = False) -> None: -- cgit v1.2.3-54-g00ecf