fi
}
-# generating a hashed password:
-# under debian, you can do
-# mkpasswd -m sha-512 -s >/q/root/shadow/standard
-# On arch, best seems to be copy your shadow file to a temp location,
-# then passwd, get out the new pass, then copy the shadow file back.
-sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
exit 0
fi
# return of 9 = user already exists. so we are idempotent.
au iank
-sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+# generating a hashed password:
+# under debian, you can do
+# mkpasswd -m sha-512 -s >/q/root/shadow/standard
+# On arch, best seems to be copy your shadow file to a temp location,
+# then passwd, get out the new pass, then copy the shadow file back.
+if [[ -e $root_pw_f ]]; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
+ sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+fi
au user2
if ifclass frodo; then
$ROOTCMD usermod -aG sudo iank
fi
+mkdir -p $target/etc/sudoers.d
cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
Defaults timestamp_timeout=1440
# used in bashrc
Defaults:root,iank !log_allowed, !pam_session
# for just the root user, set some env vars
Defaults>root env_file=/etc/rootsudoenv
+
+# a few commands we should be able to run with no password
+iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff,/usr/local/bin/bitcoinon
+
EOF
case $HOSTNAME in