From 54ef4de29126f4e54f5c07090814d13a8fb719ce Mon Sep 17 00:00:00 2001
From: Joe Haig
Date: Sun, 18 Sep 2016 16:00:27 +0000
Subject: [PATCH] Make /etc/visudo file a bit more readable
---
 README.md | 15 ++++++++++++++-
 installers/common.sh | 29 ++++++++++++++++++++++++-----
 2 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 039044b3..bedb323f 100644
--- a/README.md
+++ b/README.md
@@ -51,8 +51,21 @@ So what I have done is added the `www-data` user to the sudoers file, but with r
 Add the following to the end of `/etc/sudoers`:
 ```sh
-www-data ALL=(ALL) NOPASSWD:/sbin/ifdown wlan0,/sbin/ifup wlan0,/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf,/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf,/sbin/wpa_cli scan_results, /sbin/wpa_cli scan,/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf, /etc/init.d/hostapd start,/etc/init.d/hostapd stop,/etc/init.d/dnsmasq start, /etc/init.d/dnsmasq stop,/bin/cp /tmp/dhcpddata /etc/dnsmasq.conf, /sbin/shutdown -h now, /sbin/reboot
+www-data ALL=(ALL) NOPASSWD:/sbin/ifdown wlan0
+www-data ALL=(ALL) NOPASSWD:/sbin/ifup wlan0
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli scan_results
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli scan
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli reconfigure
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
+www-data ALL=(ALL) NOPASSWD:/etc/init.d/hostapd start
+www-data ALL=(ALL) NOPASSWD:/etc/init.d/hostapd stop
+www-data ALL=(ALL) NOPASSWD:/etc/init.d/dnsmasq start
+www-data ALL=(ALL) NOPASSWD:/etc/init.d/dnsmasq stop
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dnsmasq.conf
+www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
+www-data ALL=(ALL) NOPASSWD:/sbin/reboot
 ```
 Once those modifications are done, git clone the files to `/var/www/html`.
diff --git a/installers/common.sh b/installers/common.sh
index 59293ec7..1d00ab80 100644
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -4,10 +4,10 @@ version=`cat /etc/debian_version`
 # Determine version and set default home location for lighttpd
 if [ $version == "8.0" ]; then
- echo -n "Raspian verison is 8.0 Jessie"
+ echo "Raspian verison is 8.0 Jessie"
 webroot_dir="/var/www/html"
 elif [ $version == "7.8" ]; then
- echo -n "Raspian version is 7.8 Wheezy"
+ echo "Raspian version is 7.8 Wheezy"
 webroot_dir="/var/www"
 fi
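Review bot: The version check around these two `echo` lines has no `else` arm, so for any `/etc/debian_version` value other than exactly `8.0` or `7.8` the script carries on with `webroot_dir` unset. How the variable is used later is outside this hunk, but an installer that goes on to run `sudo` commands should stop rather than expand an empty path; an arm such as `else echo "Unsupported Debian version: $version" >&2; exit 1` would close the gap. `$version` is also unquoted inside `[ ]` and compared with the non-POSIX `==`, so an empty or multi-word value makes the test itself error out; `[ "$version" = "8.0" ]` is the safer form. The first message still spells "version" as "verison".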
@@ -102,12 +102,31 @@ function move_config_file() { sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" } +# Add a single entry to the sudoers file +function sudo_add() { + sudo bash -c "echo \"www-data ALL=(ALL) NOPASSWD:$1\" | (EDITOR=\"tee -a\" visudo)" \ + || install_error "Unable to patch /etc/sudoers" +} + # Adds www-data user to the sudoers file with restrictions on what the user can execute function patch_system_files() { - install_log "Patching system sudoers file" # patch /etc/sudoers file - sudo bash -c 'echo "www-data ALL=(ALL) NOPASSWD:/sbin/ifdown wlan0,/sbin/ifup wlan0,/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf,/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf,/sbin/wpa_cli scan_results, /sbin/wpa_cli scan,/sbin/wpa_cli reconfigure,/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf, /etc/init.d/hostapd start,/etc/init.d/hostapd stop,/etc/init.d/dnsmasq start, /etc/init.d/dnsmasq stop,/bin/cp /tmp/dhcpddata /etc/dnsmasq.conf, /sbin/shutdown -h now, /sbin/reboot" | (EDITOR="tee -a" visudo)' \ - || install_error "Unable to patch /etc/sudoers" + install_log "Patching system sudoers file" + sudo_add '/sbin/ifdown wlan0' + sudo_add '/sbin/ifup wlan0' + sudo_add '/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf' + sudo_add '/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf' + sudo_add '/sbin/wpa_cli scan_results' + sudo_add '/sbin/wpa_cli scan' + sudo_add '/sbin/wpa_cli reconfigure' + sudo_add '/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf' + sudo_add '/etc/init.d/hostapd start' + sudo_add '/etc/init.d/hostapd stop' + sudo_add '/etc/init.d/dnsmasq start' + sudo_add '/etc/init.d/dnsmasq stop' + sudo_add '/bin/cp /tmp/dhcpddata /etc/dnsmasq.conf' + sudo_add '/sbin/shutdown -h now' + sudo_add '/sbin/reboot' } function install_complete() {
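Review bot: `sudo_add` splices `$1` into a double-quoted `bash -c` string that runs as root, so a quote, `$` or backtick in any future argument would be interpreted by the root shell rather than written to the file; passing the value as a positional parameter avoids the second parse: `sudo bash -c 'echo "www-data ALL=(ALL) NOPASSWD:$1" | (EDITOR="tee -a" visudo)' _ "$1"`. Each call also appends unconditionally, so running the installer twice duplicates all fifteen rules and a failure partway leaves `/etc/sudoers` with a partial set; writing the rules once to a file under `/etc/sudoers.d/` and checking it with `visudo -cf` before installing it would make the step repeatable. Separately, three of the rules let `www-data` copy files from `/tmp` over root-owned configuration, and `/tmp` is writable by every local account, so a staging directory owned by `www-data` would be a safer source; `(ALL)` could likewise be narrowed to `(root)` if, as it appears, these commands only ever need to run as root.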