X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;ds=sidebyside;f=fai%2Fconfig%2Fdistro-install-common%2Fend;h=f9a084030917a6ee4d6963b4d5a309dc47e7b46e;hb=edb1a99660561c51aa5c7803d978284c7b423842;hp=602e2ba89ef378cf1e5df6a30da8bd642546b694;hpb=14f283f82afc48d6cec1bb7498ec34ac2b0da77c;p=automated-distro-installer diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 602e2ba..f9a0840 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -30,22 +30,24 @@ au() { # add user. i don't use adduser for portability fi } -# generating a hashed password: -# under debian, you can do -# mkpasswd -m sha-512 -s >/q/root/shadow/standard -# On arch, best seems to be copy your shadow file to a temp location, -# then passwd, get out the new pass, then copy the shadow file back. -sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e # only setup root pass for bootstrap vol -if ifclass VOL_BULLSEYE_BOOTSTRAP; then +if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then exit 0 fi # return of 9 = user already exists. so we are idempotent. au iank -sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e +# generating a hashed password: +# under debian, you can do +# mkpasswd -m sha-512 -s >/q/root/shadow/standard +# On arch, best seems to be copy your shadow file to a temp location, +# then passwd, get out the new pass, then copy the shadow file back. +if [[ -e $root_pw_f ]]; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e + sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e +fi au user2 if ifclass frodo; then @@ -90,6 +92,10 @@ Defaults !umask Defaults:root,iank !log_allowed, !pam_session # for just the root user, set some env vars Defaults>root env_file=/etc/rootsudoenv + +# a few commands we should be able to run with no password +iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff,/usr/local/bin/bitcoinon + EOF case $HOSTNAME in