- Introduced a sudo-nopasswd script that allows users to edit and update in one shot. - Use random suffix on temp files to avoid collisions and hacks.
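#!/bin/bash
#
# Rebuild the "%sudo ... NOPASSWD:" rule in $SUDOERS_FILE from the command list
# in $ETC_FILE, validate the result with visudo, and print the commands that
# were added or removed.
#
# SUDOERS_FILE, SUDOERS_BAK, ETC_FILE, BEFORE_COMMANDS and AFTER_COMMANDS are
# defined by sudo_no_passwd_constants.sh, which is sourced below.
#
# NOTE(review): this script runs as root, sources the constants file and reads
# $ETC_FILE. Whoever can write to either one controls the NOPASSWD rule, so
# both should be root-owned and not group/world-writable. "$HOME/.local/share"
# is searched first; whether HOME still names the invoking user after sudo
# depends on the local sudoers environment policy, so confirm it.
# NOTE(review): the temp-file paths come from the constants file, which is not
# visible here; confirm they are created with mktemp rather than built from a
# guessable suffix in a shared directory.

set -e

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print each non-blank line of a command list with its first word replaced by
# the absolute path of that program; remaining words are re-joined with single
# spaces (as awk's "$1=...; print" did).
# The lookup is done per line with a quoted argument. The previous awk
# "command -v "$1 | getline version pasted the word into a shell command line
# and kept the previous line's result when a lookup printed nothing, so a
# blank, unknown or repeated entry could silently become a different program.
# Arguments: $1 - path of the command list
# Outputs:   resolved lines on stdout
# Returns:   exits via die() when a command does not resolve to an absolute path
#######################################
resolve_commands() {
  local line resolved joined
  local -a fields
  while IFS= read -r line || [[ -n "$line" ]]; do
    IFS=$' \t' read -r -a fields <<<"$line"
    (( ${#fields[@]} > 0 )) || continue # blank line: nothing to grant
    resolved=$(command -v -- "${fields[0]}") \
      || die "Command not found: ${fields[0]}"
    # Builtins, keywords and functions resolve to a bare name; a sudoers
    # command must be a full path, so refuse instead of writing a bad rule.
    [[ "$resolved" == /* ]] \
      || die "Not an absolute path: ${fields[0]} -> $resolved"
    fields[0]=$resolved
    printf -v joined '%s ' "${fields[@]}"
    printf '%s\n' "${joined% }"
  done < "$1"
}

# Re-run under sudo when not already root.
if (( EUID != 0 )); then
  exec sudo -- "$0" "$@"
fi

SHARE_ROOTS=("$HOME/.local/share" "/usr/local/share" "/usr/share")
SHARE_DIR="" # never inherit a value from the environment
for SHARE_ROOT in "${SHARE_ROOTS[@]}"; do
  if [[ -d "$SHARE_ROOT/sudo-nopasswd" ]]; then
    SHARE_DIR="$SHARE_ROOT/sudo-nopasswd"
    break
  fi
done
[[ -n "$SHARE_DIR" ]] \
  || die "sudo-nopasswd directory not found under: ${SHARE_ROOTS[*]}"

CONSTANTS="sudo_no_passwd_constants.sh"
[[ -r "$SHARE_DIR/$CONSTANTS" ]] || die "Cannot read $SHARE_DIR/$CONSTANTS"
# shellcheck source=/dev/null
source "$SHARE_DIR/$CONSTANTS"

for required in SUDOERS_FILE SUDOERS_BAK ETC_FILE BEFORE_COMMANDS AFTER_COMMANDS; do
  [[ -n "${!required:-}" ]] || die "$CONSTANTS did not set $required"
done

# Set while $SUDOERS_FILE holds an edit that visudo has not yet accepted.
restore_on_exit=0

# EXIT handler: put the backup back if we die between the edit and the
# validation, and always remove the before/after listings.
cleanup() {
  if (( restore_on_exit )) && [[ -f "$SUDOERS_BAK" ]]; then
    cp -- "$SUDOERS_BAK" "$SUDOERS_FILE" \
      && printf 'Aborted; restored %s from backup.\n' "$SUDOERS_FILE" >&2
  fi
  rm -f -- "$BEFORE_COMMANDS" "$AFTER_COMMANDS"
}
trap cleanup EXIT

# Resolve the requested commands before touching sudoers, so a bad entry
# aborts with the file untouched. A missing list is treated as empty, which
# (as before) removes the rule.
if [[ -f "$ETC_FILE" ]]; then
  resolve_commands "$ETC_FILE" > "$AFTER_COMMANDS"
else
  : > "$AFTER_COMMANDS"
fi

# Record the commands currently granted: one per line, split on unescaped
# commas, with the backslash that protects ':' ',' '#' in sudoers removed so
# the listing is comparable with $AFTER_COMMANDS. Anchored with ^ like every
# other match, so commented-out rules are ignored.
if grep -q '^%sudo.*NOPASSWD' "$SUDOERS_FILE"; then
  grep '^%sudo.*NOPASSWD' "$SUDOERS_FILE" \
    | sed -E 's/.*NOPASSWD: //;s/([^\\]),/\1\n/g;s/\\([:,#])/\1/g' > "$BEFORE_COMMANDS"
else
  : > "$BEFORE_COMMANDS"
fi

# Build the comma-separated command list. ':' ',' '#' get a doubled backslash
# here because sed halves it again when the text is used as replacement text,
# leaving the single backslash that sudoers expects.
# NOTE(review): '&' and backslashes inside an entry are still interpreted by
# sed below. visudo -c rejects a malformed result, but not a well-formed rule
# that differs from what was requested.
output=$(sed -E 's/([:,#])/\\\\\1/g' "$AFTER_COMMANDS" | paste -sd, -)

cp -- "$SUDOERS_FILE" "$SUDOERS_BAK"
restore_on_exit=1

sep=$'\001' # sed delimiter that cannot clash with a path or an argument
if [[ -n "$output" ]]; then
  if grep -q '^%sudo.*NOPASSWD' "$SUDOERS_FILE"; then
    sed -i "s${sep}^%sudo.*NOPASSWD: .*${sep}%sudo ALL=(ALL:ALL) NOPASSWD: $output${sep}" "$SUDOERS_FILE"
  else
    sed -i "/^%sudo/a %sudo ALL=(ALL:ALL) NOPASSWD: $output" "$SUDOERS_FILE"
  fi
else
  sed -i '/^%sudo.*NOPASSWD/d' "$SUDOERS_FILE"
fi

# -f names the file explicitly; a bare file operand is not accepted by every
# visudo version. visudo's own diagnostics are left visible on stderr.
if ! visudo -c -f "$SUDOERS_FILE" >/dev/null; then
  # Restore first. The informational grep below exits non-zero when the backup
  # had no NOPASSWD rule, which under `set -e` used to abort before the revert.
  cp -- "$SUDOERS_BAK" "$SUDOERS_FILE"
  restore_on_exit=0
  grep '%sudo.*NOPASSWD' "$SUDOERS_BAK" || true
  echo "Syntax error detected in $SUDOERS_FILE. Reverted to backup." >&2
  exit 1
fi
restore_on_exit=0
rm -- "$SUDOERS_BAK"

# Show only the added/removed commands, without the unified-diff headers.
# grep exits 1 when nothing changed; that is not an error.
diff -u --color=always -- "$BEFORE_COMMANDS" "$AFTER_COMMANDS" \
  | grep $'^\x1b\\[[0-9;]*m[+-]' \
  | grep -Ev $'^\x1b\\[[0-9;]*m([+][+][+]|[-][-][-])' \
  || true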