Support user-defined entries for sudo NOPASSWD #507
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
achilleas-k
force-pushed
the
sudo-nopasswd
branch
2 times, most recently
from
f2c9278 to
bfe28e6
Compare
supakeen
previously approved these changes
Mar 11, 2024
It's not exposed in composer yet. This change came from a discussion in chat that I started because I want to add it to composer and wanted to find a better name for it before it's finalised :) |
mvo5
previously approved these changes
Mar 11, 2024
achilleas-k
force-pushed
the
sudo-nopasswd
branch
from
bfe28e6 to
bb145c6
Compare
bcl
reviewed
Mar 11, 2024
Replace the wheel-sudo-nopasswd (bool) installer customization with sudo-nopasswd ([]string). Users can now specify a list of users or groups (groups must be prefixed with %). For each element in the array, the kickstart file will create a file that enables sudo with NOPASSWD for that entry. Each entry is added as a separate file in the sudoers.d drop-in directory. Duplicate entries are silently ignored.
The new configs are functionally equivalent to the old options, but since the drop-in filenames changed from /etc/sudoers.d/wheel to /etc/sudoers.d/%wheel, the hardcoded kickstart contents will change.
Add %sudo as well to the unattended-iso test as a test that multiple groups work.
When testing if the relevant stages were created in the Anaconda installer ISO tree pipeline, also check that the content ID for the embedded (raw) kickstart file is the expected one based on the groups added to the NoPasswd option.
achilleas-k
force-pushed
the
sudo-nopasswd
branch
from
bb145c6 to
37a9311
Compare
Merged
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace the wheel-sudo-nopasswd (bool) installer customization with sudo-nopasswd ([]string). Users can now specify a list of users or groups (groups must be prefixed with %). For each element in the array, the kickstart file will create a file that enables sudo with NOPASSWD for that entry. Each entry is added as a separate file in the sudoers.d drop-in directory.