forked from obel1x/fedora-OEMDRV
Different behaviour of "sudo -l" checks
Better shebangs
This commit is contained in:
Daniel Pätzold
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
source $(dirname "$0")/setup_system.inc.sh
|
source $(dirname "$0")/setup_system.inc.sh
|
||||||
mkdir -p ${HOME}/temp
|
mkdir -p ${HOME}/temp
|
||||||
cd ${SYSCONFIGPATH}
|
cd ${SYSCONFIGPATH}
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
#
|
#
|
||||||
@@ -56,20 +56,36 @@ elog_add "Update and install client software"
|
|||||||
|
|
||||||
# First, check the sudo rule
|
# First, check the sudo rule
|
||||||
elog_add "Check the matching client rule:"
|
elog_add "Check the matching client rule:"
|
||||||
#Somewhat strange sudo -l will ask for password instead of just checking if the rule can be found, so it needs -n to be silent
|
#Somewhat strange "sudo -l" will *sometimes* ask for password instead of just checking if the rule can be found, so it needs -n to be silent
|
||||||
# The behaviour will be:
|
# The behaviour will be:
|
||||||
|
# A. If "sudo -l" wants a password (some installations!):
|
||||||
# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
|
# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
|
||||||
# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
|
# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
|
||||||
# error "a password is needed" an retno is 1
|
# error "a password is needed" an retno is 1
|
||||||
# If there is no sudo rule at all, it will only set retno to 1
|
# If there is no sudo rule at all, it will only set retno to 1
|
||||||
elog_add_command "/usr/bin/sudo -n -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
|
#-> Anyway, returning > 0 means the user is not allowed to run sw installation, which is fine. Print Message and skip installation.
|
||||||
|
#
|
||||||
|
# B. If "sudo -l" doesn't not want a password, then
|
||||||
|
# RETNO = 0 , but the Output of "sudo -l -l" must als be checked, if there is an Option !authenticate in the returnung string, otherwise a failed installation cannot be
|
||||||
|
# divided from a missing sudo-rule
|
||||||
|
#
|
||||||
|
elog_add_command "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
|
||||||
if [[ $RETNO -ne 0 ]]; then
|
if [[ $RETNO -ne 0 ]]; then
|
||||||
elog_add "Error was no $RETNO"
|
elog_add "Error was no $RETNO"
|
||||||
elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this."
|
elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this."
|
||||||
elog_add "If you want to change: Please check the sudo rules in ipa and your group membership."
|
elog_add "If you want to change: Please check the sudo rules in ipa and your group membership."
|
||||||
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
|
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
|
||||||
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
|
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
|
||||||
|
elog_add "Skipping SW Install."
|
||||||
else
|
else
|
||||||
|
# Check, if the rule is with Option !authenticate
|
||||||
|
if [[ $RETTXT != *"!authenticate"* ]]; then
|
||||||
|
elog_add "The above IPA rule found for this user and the install script, but it has not the right options to be executed without password."
|
||||||
|
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
|
||||||
|
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
|
||||||
|
elog_add "Skipping SW Install."
|
||||||
|
else
|
||||||
|
# Rule seems to be ok, executing script
|
||||||
elog_add "Matching Sudo rule found."
|
elog_add "Matching Sudo rule found."
|
||||||
elog_add ""
|
elog_add ""
|
||||||
elog_add "Running client software install..."
|
elog_add "Running client software install..."
|
||||||
@@ -82,6 +98,7 @@ else
|
|||||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
#SYNC Firefox + Thunderbird Profile
|
#SYNC Firefox + Thunderbird Profile
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env sh
|
||||||
source $(dirname "$0")/setup_system.inc.sh
|
source $(dirname "$0")/setup_system.inc.sh
|
||||||
mv skel.tar.zst backup_skel.tar.zst
|
mv skel.tar.zst backup_skel.tar.zst
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
# Replaces /etc/skel with the contents of skel.tar.zst
|
# Replaces /etc/skel with the contents of skel.tar.zst
|
||||||
source $(dirname "$0")/setup_system.inc.sh
|
source $(dirname "$0")/setup_system.inc.sh
|
||||||
EXECDIR=$(pwd)
|
EXECDIR=$(pwd)
|
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
# Includes for System Setup
|
# Includes for System Setup
|
||||||
#
|
#
|
||||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
#
|
#
|
||||||
# This is not a runnig script-file. No Logik to execute. Its used for includes in other scripts.
|
# This is not a runnig script-file. No real logic to execute. Its used for includes in other scripts.
|
||||||
|
|
||||||
#Check if we are root
|
#Check if we are root
|
||||||
# Deprectaed - use if Statement itself
|
# Deprectaed - use if Statement itself
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
#
|
#
|
||||||
|
|||||||
Reference in New Issue
Block a user