fi
}
-# generating a hashed password:
-# under debian, you can do
-# mkpasswd -m sha-512 -s >/q/root/shadow/standard
-# On arch, best seems to be copy your shadow file to a temp location,
-# then passwd, get out the new pass, then copy the shadow file back.
-sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
# only setup root pass for bootstrap vol
if ifclass VOL_BULLSEYE_BOOTSTRAP; then
# return of 9 = user already exists. so we are idempotent.
au iank
-sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+# generating a hashed password:
+# under debian, you can do
+# mkpasswd -m sha-512 -s >/q/root/shadow/standard
+# On arch, best seems to be copy your shadow file to a temp location,
+# then passwd, get out the new pass, then copy the shadow file back.
+if [[ -e $root_pw_f ]]; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
+ sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+fi
au user2
if ifclass frodo; then
Defaults:root,iank !log_allowed, !pam_session
# for just the root user, set some env vars
Defaults>root env_file=/etc/rootsudoenv
+
+# a few commands we should be able to run with no password
+iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff
+
EOF
case $HOSTNAME in