X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fdistro-install-common%2Fend;h=22fa4f0c322f34b1310626ed88d97321d9c63ef5;hb=79cd04733bf570db299ef09195c498a63f3f3fd5;hp=57b71159f62352228b8f53f28fb0b3ae89e138f8;hpb=9fefba0a7ad0f7d9cac32b81f960ae8828de2a66;p=automated-distro-installer diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 57b7115..22fa4f0 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -18,28 +18,11 @@ if [[ -e $src && -e $dst ]]; then cp -rT $src $dst fi -USER2PW=/q/root/shadow/user2 -# if doesn't exist, we dont set one -ROOTPW=/q/root/shadow/standard -if [[ ! -e $ROOTPW ]]; then - ROOTPW=/q/root/shadow/$HOSTNAME +root_pw_f=/q/root/shadow/standard +if [[ ! -e $root_pw_f ]]; then + root_pw_f=/q/root/shadow/$HOSTNAME fi -chpw() { - # generating a hashed password: - # under debian, you can do - # mkpasswd -m sha-512 -s >/q/root/shadow/standard - # On arch, best seems to be copy your shadow file to a temp location, - # then passwd, get out the new pass, then copy the shadow file back. - - user=$1 - pwfile=$2 - if [[ $pwfile && -e $pwfile ]]; then - printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e - else - echo "$0: warning: no pw set for $user" >&2 - fi -} au() { # add user. i don't use adduser for portability local user=${@: -1} if ! $ROOTCMD getent passwd $user; then @@ -47,7 +30,6 @@ au() { # add user. i don't use adduser for portability fi } -chpw root "$ROOTPW" # only setup root pass for bootstrap vol if ifclass VOL_BULLSEYE_BOOTSTRAP; then @@ -57,11 +39,19 @@ fi # return of 9 = user already exists. so we are idempotent. au iank -chpw iank "$ROOTPW" +# generating a hashed password: +# under debian, you can do +# mkpasswd -m sha-512 -s >/q/root/shadow/standard +# On arch, best seems to be copy your shadow file to a temp location, +# then passwd, get out the new pass, then copy the shadow file back. +if [[ -e $root_pw_f ]]; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e + sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e +fi au user2 if ifclass frodo; then - chpw user2 "$USER2PW" + sed 's/^/user2:/' /q/root/shadow/user2 | $ROOTCMD chpasswd -e fi # comparing iank's groups to user2, I see none she should join on arch $ROOTCMD usermod -a -G user2 iank @@ -80,6 +70,10 @@ echo "fs.inotify.max_user_watches = 50000" >> $f # applies it. it would be also be applied after a reboot $ROOTCMD sysctl --system +if getent group sudo >/dev/null; then + $ROOTCMD usermod -aG sudo iank +fi + cat >$target/etc/sudoers.d/ianksudoers <<'EOF' Defaults timestamp_timeout=1440 # used in bashrc @@ -98,7 +92,19 @@ Defaults !umask Defaults:root,iank !log_allowed, !pam_session # for just the root user, set some env vars Defaults>root env_file=/etc/rootsudoenv + +# a few commands we should be able to run with no password +iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/bin/nmtui-connect + +EOF + +case $HOSTNAME in + li|bk|je) + cat >>$target/etc/sudoers.d/ianksudoers <<'EOF' +iank ALL=(ALL) NOPASSWD: ALL EOF + ;; +esac # remove old config line. can be removed eventually. f=$target/etc/sudoers