Commit 2d168282 authored by Nigel Kukard's avatar Nigel Kukard
Browse files

Added sudo support for the extra user

parent ad6c27c7
......@@ -17,7 +17,7 @@
import atexit
import re
from typing import Dict, List, Optional
from typing import Any, Dict, List, Optional
from idmslinux_installer.util.asyncsubprocess import OutputCallback
from idmslinux_installer.util.mount import Mount
......@@ -91,6 +91,9 @@ class IliState:
# Our fstab that will be written to the target system
_fstab: Dict[str, Dict[str, str]]
# Sudo users
_sudo_users: List[Dict[str, Any]]
# Packages to install along with the system base
_base_packages: List[str]
......@@ -137,6 +140,8 @@ class IliState:
self._fstab = {}
self._sudo_users = []
self._base_packages = []
self._base_installed = False
......@@ -336,7 +341,7 @@ class IliState:
"""Set the user_sshkeys."""
self._user_sshkeys = value
# Users
# Enable services
def add_enable_service(self, service: str):
"""Add a service to enable."""
......@@ -435,6 +440,21 @@ class IliState:
"""Return the fstab object we'll write to the target system."""
return self._fstab
# sudo entries
def add_sudo_user(self, username: str, require_password: bool = True):
"""Add a sudo user."""
# Add sudo entry
self._sudo_users.append({
'username': username,
'require_password': require_password,
})
@property
def sudo_users(self):
"""Return the sudo_users list we'll write to the target system."""
return self._sudo_users
# Target Root
@property
def target_root(self):
......
# Copyright (c) 2019, AllWorldIT
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""Configure system sudoers."""
from typing import Callable, Dict, List, Optional
from idmslinux_installer.ilistate import IliState
from idmslinux_installer.plugin import Plugin
from idmslinux_installer.util.etcsudoers import EtcSudoers
# Ignore warning that we have not overridden all base class methods.
# pylama:ignore=W:select=W023
class ConfigSystemEtcSudoers(Plugin):
"""Configure system /etc/sudoers.d."""
def __init__(self):
"""Plugin init method."""
self.description = "System configuration for /etc/sudoers.d"
Plugin.__init__(self)
def post_install(self, ili_state: IliState):
"""Configure system /etc/sudoers.d."""
ili_state.output_callback('Configuring /etc/sudoers.d')
sudoers = EtcSudoers()
# Loop with user and add to sudoers
for user in ili_state.sudo_users:
sudoers.add_user(user['username'], user['require_password'])
# Write out hosts entries
sudoers.write(ili_state.target_root)
......@@ -32,6 +32,21 @@ class PostInstallUsers(Plugin):
Plugin.__init__(self)
def pre_install_base(self, ili_state: IliState):
"""Prepare grub."""
# If we have an extra user we're going to need sudo too
if ili_state.user_username:
ili_state.output_callback('Adding "sudo" to base package list')
ili_state.add_base_package('sudo')
# Check if we have a password to set
if ili_state.user_password:
# Add sudo user, requiring password
ili_state.add_sudo_user(ili_state.user_username)
else:
# Add sudo user, not requiring password
ili_state.add_sudo_user(ili_state.user_username, require_password=False)
def post_install(self, ili_state: IliState):
"""Post install task to setup users."""
......@@ -50,6 +65,7 @@ class PostInstallUsers(Plugin):
if ili_state.user_password:
ili_state.output_callback(f'Setting user {ili_state.user_username} password')
sysuser.chpasswd(ili_state.target_root, ili_state.user_username, ili_state.user_password)
# Check if we have ssh keys to write out
if ili_state.user_sshkeys:
ili_state.output_callback(f'Adding user {ili_state.user_username} ssh keys')
......
# Copyright (c) 2019, AllWorldIT
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""Support class for /etc/sudoers.d."""
from typing import Any, Dict, List
class EtcSudoers:
"""The EtcSudoers class handles writing out /etc/sudoers.d files."""
# This is the list of entries we've created below
_entries: List[Dict[str, Any]]
def __init__(self):
"""Initialize our class."""
# Start with no entries
self._entries = []
def add_user(self, username: str, require_password: bool = True):
"""Create a sudoers.d entry."""
# Add entry
self._entries.append({
'username': username,
'require_password': require_password,
})
def write(self, system_path: str):
"""Write out sudoers entries."""
for entry in self._entries:
username = entry['username']
# Open the sudoers file and append
with open(f'{system_path}/etc/sudoers.d/{username}', 'a') as sudoers_file:
sudoers_file.write('# Added during install\n')
# Check if we require a password or not
if entry['require_password']:
sudoers_file.write(f'{username}=(ALL) ALL\n')
else:
sudoers_file.write(f'{username}=(ALL) NOPASSWD: ALL\n')
# Finally close file
sudoers_file.close()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment