obel1x/fedora-OEMDRV
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Different behaviour of "sudo -l" checks

Browse Source 
Better shebangs
This commit is contained in:
Daniel Pätzold
2026-03-16 11:53:31 +01:00
parent 453201981a
commit 264d1d4931
9 changed files with 39 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
system_setup/create_nc_package_from_sys_config.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
source $(dirname "$0")/setup_system.inc.sh
mkdir -p ${HOME}/temp
cd ${SYSCONFIGPATH}
system_setup/logon_script.sh
+20 -3
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
@@ -56,20 +56,36 @@ elog_add "Update and install client software"
# First, check the sudo rule
elog_add "Check the matching client rule:"
#Somewhat strange sudo -l will ask for password instead of just checking if the rule can be found, so it needs -n to be silent
#Somewhat strange "sudo -l" will *sometimes* ask for password instead of just checking if the rule can be found, so it needs -n to be silent
# The behaviour will be:
# A. If "sudo -l" wants a password (some installations!):
# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
# error "a password is needed" an retno is 1
# If there is no sudo rule at all, it will only set retno to 1
elog_add_command "/usr/bin/sudo -n -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
#-> Anyway, returning > 0 means the user is not allowed to run sw installation, which is fine. Print Message and skip installation.
#
# B. If "sudo -l" doesn't not want a password, then
# RETNO = 0 , but the Output of "sudo -l -l" must als be checked, if there is an Option !authenticate in the returnung string, otherwise a failed installation cannot be
# divided from a missing sudo-rule
#
elog_add_command "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
if [[ $RETNO -ne 0 ]]; then
elog_add "Error was no $RETNO"
elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this."
elog_add "If you want to change: Please check the sudo rules in ipa and your group membership."
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
elog_add "Skipping SW Install."
else
# Check, if the rule is with Option !authenticate
if [[ $RETTXT != *"!authenticate"* ]]; then
elog_add "The above IPA rule found for this user and the install script, but it has not the right options to be executed without password."
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
elog_add "Skipping SW Install."
else
# Rule seems to be ok, executing script
elog_add "Matching Sudo rule found."
elog_add ""
elog_add "Running client software install..."
@@ -81,6 +97,7 @@ else
elog_add "Error executing software sync and install, please check your output!"
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
fi
fi
echo ""
system_setup/mount_ecrypt_home.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
system_setup/mozilla_starter.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
system_setup/pack_skel.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env sh
source $(dirname "$0")/setup_system.inc.sh
mv skel.tar.zst backup_skel.tar.zst
if [ $? -eq 0 ]; then
system_setup/setup_skel.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# Replaces /etc/skel with the contents of skel.tar.zst
source $(dirname "$0")/setup_system.inc.sh
EXECDIR=$(pwd)
system_setup/setup_system.inc.sh
+2 -1
View File
@@ -1,9 +1,10 @@
#!/usr/bin/env sh
# Includes for System Setup
#
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# This is not a runnig script-file. No Logik to execute. Its used for includes in other scripts.
# This is not a runnig script-file. No real logic to execute. Its used for includes in other scripts.
#Check if we are root
# Deprectaed - use if Statement itself
system_setup/setup_system_full.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
system_setup/sync_client_software.sh
+1 -1
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#