From 7fc00d49399e426e022de4e46a081a26c9aa5bb5 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Tue, 2 Sep 2014 15:48:49 +0300
Subject: [PATCH] Added full sudo support for admin user
---
install/debian/sudoers.admin.conf | 3 +++
install/debian/sudoers.conf | 1 -
install/rhel/sudoers.admin.conf | 3 +++
install/rhel/sudoers.conf | 3 ++-
install/ubuntu/sudoers.admin.conf | 3 +++
install/ubuntu/sudoers.conf | 1 -
install/vst-install-debian.sh | 4 +++-
install/vst-install-rhel.sh | 4 +++-
install/vst-install-ubuntu.sh | 4 +++-
src/deb/vesta/postinst | 6 ++++++
src/rpm/specs/vesta.spec | 4 +++-
upd/add_sudo.sh | 13 +++++++++++++
12 files changed, 42 insertions(+), 7 deletions(-)
create mode 100644 install/debian/sudoers.admin.conf
create mode 100644 install/rhel/sudoers.admin.conf
create mode 100644 install/ubuntu/sudoers.admin.conf
create mode 100755 upd/add_sudo.sh
diff --git a/install/debian/sudoers.admin.conf b/install/debian/sudoers.admin.conf
new file mode 100644
index 00000000..b4f87039
--- /dev/null
+++ b/install/debian/sudoers.admin.conf
@@ -0,0 +1,3 @@
+# Created by vesta installer
+admin ALL=(ALL) ALL
+admin ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/debian/sudoers.conf b/install/debian/sudoers.conf
index d2b13a7c..efe9ce9c 100644
--- a/install/debian/sudoers.conf
+++ b/install/debian/sudoers.conf
@@ -30,4 +30,3 @@ root ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d -admin ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/rhel/sudoers.admin.conf b/install/rhel/sudoers.admin.conf
new file mode 100644
index 00000000..b4f87039
--- /dev/null
+++ b/install/rhel/sudoers.admin.conf
@@ -0,0 +1,3 @@
+# Created by vesta installer
+admin ALL=(ALL) ALL
+admin ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/rhel/sudoers.conf b/install/rhel/sudoers.conf
index a3f38d00..b8d33ff1 100644
--- a/install/rhel/sudoers.conf
+++ b/install/rhel/sudoers.conf
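Review bot: The two rules in install/debian/sudoers.admin.conf depend on their order and nothing in the file says so: sudo applies the last matching entry, so `admin ALL=NOPASSWD:/usr/local/vesta/bin/*` only stays password-free while it sits below `admin ALL=(ALL) ALL`. I would add `# Keep the NOPASSWD rule last; sudo uses the last matching entry` above it. The wildcard rule also lets admin run any file in that directory as root with arbitrary arguments and no password, so it is only as safe as the ownership of /usr/local/vesta/bin; a second comment stating that the directory must stay root-owned and not writable by admin would record that assumption. The same applies to the identical rhel and ubuntu copies of this file.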
@@ -95,4 +95,5 @@ root ALL=(ALL) ALL ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now -admin ALL=NOPASSWD:/usr/local/vesta/bin/* + +#includedir /etc/sudoers.d
diff --git a/install/ubuntu/sudoers.admin.conf b/install/ubuntu/sudoers.admin.conf
new file mode 100644
index 00000000..b4f87039
--- /dev/null
+++ b/install/ubuntu/sudoers.admin.conf
@@ -0,0 +1,3 @@
+# Created by vesta installer
+admin ALL=(ALL) ALL
+admin ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/ubuntu/sudoers.conf b/install/ubuntu/sudoers.conf
index 70872217..0e3058d1 100644
--- a/install/ubuntu/sudoers.conf
+++ b/install/ubuntu/sudoers.conf
@@ -29,4 +29,3 @@ root ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d -admin ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh
index b3c15565..237f53d2 100644
--- a/install/vst-install-debian.sh
+++ b/install/vst-install-debian.sh
@@ -518,7 +518,9 @@ echo "/sbin/nologin" >> /etc/shells # Sudo configuration wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers -chmod 0440 /etc/sudoers +wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers +chmod 440 /etc/sudoers.d/admin # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate
diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh
index 5ddfaf4b..d72de274 100644
--- a/install/vst-install-rhel.sh
+++ b/install/vst-install-rhel.sh
@@ -571,7 +571,9 @@ echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Sudo configuration wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers -chmod 0440 /etc/sudoers +wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers +chmod 440 /etc/sudoers.d/admin # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate
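Review bot: The added `wget ... -O /etc/sudoers.d/admin` in install/vst-install-debian.sh writes the download straight into the live sudoers drop-in with no check that the fetch succeeded or that the content parses, and the file keeps its default mode until the later `chmod 440`. A failed or truncated download leaves an empty or broken file in place, and a syntax error in a sudoers.d file can stop sudo from working; how `$CHOST` is fetched and whether it is authenticated is not visible in the hunk. Nothing in the hunk creates /etc/sudoers.d either, which matters most for the rhel script, whose sudoers.conf only gains the `#includedir` line in this commit. I would download to a temporary file, validate it with `visudo -cf` and install it with mode 0440 in one step, as below; the vst-install-rhel.sh and vst-install-ubuntu.sh hunks need the same change. The script continues outside the hunk, so the error handling shown is an assumption about its conventions.

```shell
# Sudo configuration
# … unchanged: wget of sudoers.conf to /etc/sudoers …
mkdir -p /etc/sudoers.d
sudoers_tmp=$(mktemp)
if wget "$CHOST/$VERSION/sudoers.admin.conf" -O "$sudoers_tmp" &&
    visudo -cf "$sudoers_tmp"; then
    install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/admin
else
    echo "Error: sudoers.admin.conf was not fetched or failed validation" >&2
fi
rm -f "$sudoers_tmp"
chmod 440 /etc/sudoers
```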
diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh
index 5bfd37b7..2ab4c5b2 100644
--- a/install/vst-install-ubuntu.sh
+++ b/install/vst-install-ubuntu.sh
@@ -524,7 +524,9 @@ echo "/sbin/nologin" >> /etc/shells # Sudo configuration wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers -chmod 0440 /etc/sudoers +wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers +chmod 440 /etc/sudoers.d/admin # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate
diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst
index 7559a345..d0588687 100755
--- a/src/deb/vesta/postinst
+++ b/src/deb/vesta/postinst
@@ -20,4 +20,10 @@ if [ -x "/usr/local/vesta/upd/fix_mysql_startup.sh" ]; then /usr/local/vesta/upd/fix_mysql_startup.sh fi +# Run SUDO trigger +if [ -x "/usr/local/vesta/upd/add_sudo.sh" ]; then + /usr/local/vesta/upd/add_sudo.sh +fi + + exit 0
diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec
index db9e18a7..37e7430d 100644
--- a/src/rpm/specs/vesta.spec
+++ b/src/rpm/specs/vesta.spec
@@ -43,7 +43,9 @@ if [ $1 -ge 2 ]; then if [ -e /usr/local/vesta/upd/fix_vesta_ssl_permissions.sh ]; then /usr/local/vesta/upd/fix_vesta_ssl_permissions.sh fi -fi + if [ -e /usr/local/vesta/upd/add_sudo.sh ]; then + /usr/local/vesta/upd/add_sudo.sh + fi %files %{_vestadir}
diff --git a/upd/add_sudo.sh b/upd/add_sudo.sh
new file mode 100755
index 00000000..dfe5ff2b
--- /dev/null
+++ b/upd/add_sudo.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ ! -e /etc/sudoers.d/admin ]; then
+ echo "# Created by vesta update-trigger" > /etc/sudoers.d/admin
+ echo "# $(date)" >> /etc/sudoers.d/admin
+ echo "admin ALL=(ALL) ALL" >> /etc/sudoers.d/admin
+ echo "admin ALL=NOPASSWD:/usr/local/vesta/bin/*" >> /etc/sudoers.d/admin
+ chmod 440 /etc/sudoers.d/admin
+
+ if [ -z "$(grep /etc/sudoers.d /etc/sudoers)" ]; then
+ echo -e "\n#includedir /etc/sudoers.d" >> /etc/sudoers
+ fi
+fi
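Review bot: The `fi` that closed `if [ $1 -ge 2 ]; then` is removed in src/rpm/specs/vesta.spec and not put back: the hunk adds one `if` with one matching `fi`, and the next lines are `%files`. As shown, the scriptlet ends with an unclosed `if`, which the shell would reject when the package scriptlet runs. Add the outer `fi` back after the new block, before `%files`. The outer `if` opens above the hunk and indentation is lost in this rendering, so confirm the nesting against the full file. The new test also uses `-e` where the postinst hunk uses `-x`; `-x` matches the direct execution on the following line.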
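Review bot: upd/add_sudo.sh builds /etc/sudoers.d/admin in place with four separate redirects before `chmod 440`, so an interrupted run leaves a partial file that the `! -e` guard never repairs, and the file carries the default mode until the chmod. Nothing validates the result or creates /etc/sudoers.d, and `grep /etc/sudoers.d /etc/sudoers` matches any mention of the path, including one in explanatory text, so the `#includedir` line can be skipped when the directive is actually missing. I would write to a temporary file, check it with `visudo -cf`, install it with mode 0440 and anchor the grep to the directive, as below. Because this trigger runs from the package scripts, existing servers gain `admin ALL=(ALL) ALL` on upgrade without an operator step; a line in the release notes would make that visible.

```shell
if [ ! -e /etc/sudoers.d/admin ]; then
    mkdir -p /etc/sudoers.d
    tmp=$(mktemp) || exit 1
    {
        echo "# Created by vesta update-trigger"
        echo "# $(date)"
        echo "admin ALL=(ALL) ALL"
        echo "admin ALL=NOPASSWD:/usr/local/vesta/bin/*"
    } > "$tmp"
    # Only install a file that sudo can parse
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/admin
    fi
    rm -f "$tmp"

    if ! grep -Eq '^[#@]includedir[[:space:]]+/etc/sudoers\.d' /etc/sudoers; then
        echo -e "\n#includedir /etc/sudoers.d" >> /etc/sudoers
    fi
fi
```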