git: 5540b9eb9e2a - stable/14 - nuageinit: add support for sudo

From: Baptiste Daroussin <bapt_at_FreeBSD.org>
Date: Mon, 23 Jun 2025 07:44:18 UTC
The branch stable/14 has been updated by bapt:

URL: https://cgit.FreeBSD.org/src/commit/?id=5540b9eb9e2a560ba89e0a94ad665eaa8bf245cc

commit 5540b9eb9e2a560ba89e0a94ad665eaa8bf245cc
Author:     Baptiste Daroussin <bapt@FreeBSD.org>
AuthorDate: 2025-06-15 15:18:32 +0000
Commit:     Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2025-06-23 07:43:13 +0000

    nuageinit: add support for sudo
    
    (cherry picked from commit 6a54f886bede6e6193ebc82ec5fca85679b7dc41)
---
 libexec/nuageinit/nuage.lua          | 39 +++++++++++++++++++++++++++++++++++-
 libexec/nuageinit/nuageinit          |  3 +++
 libexec/nuageinit/tests/nuageinit.sh |  2 ++
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua
index 76f2d24ac178..deb441ee25ba 100644
--- a/libexec/nuageinit/nuage.lua
+++ b/libexec/nuageinit/nuage.lua
@@ -228,6 +228,42 @@ local function addsshkey(homedir, key)
 	end
 end
 
+local function addsudo(pwd)
+	local chmodsudoersd = false
+	local chmodsudoers = false
+	local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+	local sudoers_dir = "/usr/local/etc/sudoers.d"
+	if root then
+		sudoers_dir= root .. sudoers_dir
+	end
+	local sudoers = sudoers_dir .. "/90-nuageinit-users"
+	local sudoers_attr = lfs.attributes(sudoers)
+	if sudoers_attr == nil then
+		chmodsudoers = true
+		local dirattrs = lfs.attributes(sudoers_dir)
+		if dirattrs == nil then
+			local r, err = mkdir_p(sudoers_dir)
+			if not r then
+				return nil, err .. " (creating " .. sudoers_dir .. ")"
+			end
+			chmodsudoersd = true
+		end
+	end
+	local f = io.open(sudoers, "a")
+	if not f then
+		warnmsg("impossible to open " .. sudoers)
+		return
+	end
+	f:write(pwd.name .. " " .. pwd.sudo .. "\n")
+	f:close()
+	if chmodsudoers then
+		sys_stat.chmod(sudoers, 416)
+	end
+	if chmodsudoersd then
+		sys_stat.chmod(sudoers, 480)
+	end
+end
+
 local function update_sshd_config(key, value)
 	local sshd_config = "/etc/ssh/sshd_config"
 	local root = os.getenv("NUAGE_FAKE_ROOTDIR")
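Review bot: The second `sys_stat.chmod` at the end of `addsudo` targets `sudoers` rather than `sudoers_dir`, so when the directory was just created the file ends up with mode 480 (0740) and the directory keeps whatever mode `mkdir_p` gave it. It should read `sys_stat.chmod(sudoers_dir, 480)`. It is also worth confirming that 0740, which has no group search bit, is the intended directory mode. Because Lua has no octal literals, a short comment such as `-- 416 == 0640, 480 == 0740` next to these calls would make the permissions reviewable. Separately, the appended line is built from `pwd.name` and `pwd.sudo` without checking that both are single-line strings, so a value containing a newline would add further lines to the sudoers file; rejecting such values with `warnmsg` before the write would keep one rule per user entry.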
@@ -419,7 +455,8 @@ local n = {
 	pkg_bootstrap = pkg_bootstrap,
 	install_package = install_package,
 	update_packages = update_packages,
-	upgrade_packages = upgrade_packages
+	upgrade_packages = upgrade_packages,
+	addsudo = addsudo
 }
 
 return n
diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit
index c1026aa2afee..d8aa734cb122 100755
--- a/libexec/nuageinit/nuageinit
+++ b/libexec/nuageinit/nuageinit
@@ -290,6 +290,9 @@ if line == "#cloud-config" then
 						nuage.addsshkey(homedir, v)
 					end
 				end
+				if u.sudo then
+					nuage.addsudo(u)
+				end
 			else
 				nuage.warn("invalid type : " .. type(u) .. " for users entry number " .. n)
 			end
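Review bot: The result of `nuage.addsudo(u)` is discarded here, so the `nil, err` it returns when `mkdir_p` fails is never reported and the user is created without the requested sudoers rule. Capturing and reporting it would fix that: `local _, err = nuage.addsudo(u)` followed by `if err then nuage.warn(err) end`. The guard `if u.sudo then` also accepts any truthy value. If the user-data supplies a list or a boolean for `sudo`, the string concatenation inside `addsudo` would raise an error, so a `type(u.sudo) == "string"` check with a warning for other types would be safer. The enclosing loop starts and ends outside this hunk.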
diff --git a/libexec/nuageinit/tests/nuageinit.sh b/libexec/nuageinit/tests/nuageinit.sh
index edcc80346b5d..fe799a2227f3 100644
--- a/libexec/nuageinit/tests/nuageinit.sh
+++ b/libexec/nuageinit/tests/nuageinit.sh
@@ -117,6 +117,7 @@ users:
   - name: foobar
     gecos: Foo B. Bar
     primary_group: foobar
+    sudo: ALL=(ALL) NOPASSWD:ALL
     groups: users
     passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
 EOF
@@ -138,6 +139,7 @@ EOF
 	sed -i "" "s/freebsd:.*:1001/freebsd:freebsd:1001/" "${PWD}"/etc/master.passwd
 	atf_check -o file:expectedpasswd cat "${PWD}"/etc/master.passwd
 	atf_check -o file:expectedgroup cat "${PWD}"/etc/group
+	atf_check -o inline:"foobar ALL=(ALL) NOPASSWD:ALL\n" cat ${PWD}/usr/local/etc/sudoers.d/90-nuageinit-users
 }
 
 nocloud_network_head()
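Review bot: The new `atf_check` verifies only the contents of `90-nuageinit-users`, so the permissions that `addsudo` applies to the file and to `sudoers.d` are not covered by the test. A mode assertion would catch permission regressions on a privilege-granting file, for example `atf_check -o inline:"640\n" stat -f %Lp "${PWD}"/usr/local/etc/sudoers.d/90-nuageinit-users`, with the expected value adjusted to whatever mode is intended. `${PWD}` is also unquoted on the added line while the neighbouring checks quote it; `cat "${PWD}"/usr/local/etc/sudoers.d/90-nuageinit-users` would match them.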