[users] Add a switch to write different styles of sudo file

2022-02-21 15:49:10 +01:00 · 2022-02-21 15:49:10 +01:00 · c3224e60d6
commit c3224e60d6
parent aecdb5fe6d
6 changed files with 42 additions and 6 deletions
--- a/src/modules/users/Config.cpp
+++ b/src/modules/users/Config.cpp
@ -840,6 +840,9 @@ Config::setConfigurationMap( const QVariantMap& configurationMap )
    setAutoLoginGroup( either< QString, const QString& >(
        CalamaresUtils::getString, configurationMap, "autologinGroup", "autoLoginGroup", QString() ) );
    setSudoersGroup( CalamaresUtils::getString( configurationMap, "sudoersGroup" ) );
+    m_sudoStyle = CalamaresUtils::getBool( configurationMap, "sudoersConfigureWithGroup", false )
+        ? SudoStyle::UserAndGroup
+        : SudoStyle::UserOnly;

    m_hostNameActions = getHostNameActions( configurationMap );

@ -904,7 +907,7 @@ Config::createJobs() const

    if ( !m_sudoersGroup.isEmpty() )
    {
-        j = new SetupSudoJob( m_sudoersGroup );
+        j = new SetupSudoJob( m_sudoersGroup, m_sudoStyle );
        jobs.append( Calamares::job_ptr( j ) );
    }

--- a/src/modules/users/Config.h
+++ b/src/modules/users/Config.h
@ -186,8 +186,15 @@ public:

    /// The group of which auto-login users must be a member
    QString autoLoginGroup() const { return m_autoLoginGroup; }
+
+    enum class SudoStyle
+    {
+        UserOnly,
+        UserAndGroup
+    };
    /// The group of which users who can "sudo" must be a member
    QString sudoersGroup() const { return m_sudoersGroup; }
+    SudoStyle sudoStyle() const { return m_sudoStyle; }

    /// The full (GECOS) name of the user
    QString fullName() const { return m_fullName; }
@ -307,6 +314,7 @@ private:
    QString m_userShell;
    QString m_autoLoginGroup;
    QString m_sudoersGroup;
+    SudoStyle m_sudoStyle = SudoStyle::UserOnly;
    QString m_fullName;
    QString m_loginName;
    QString m_hostName;
--- a/src/modules/users/MiscJobs.cpp
+++ b/src/modules/users/MiscJobs.cpp
@ -22,8 +22,9 @@
 #include <QFile>
 #include <QFileInfo>

-SetupSudoJob::SetupSudoJob( const QString& group )
+SetupSudoJob::SetupSudoJob( const QString& group, Config::SudoStyle style )
    : m_sudoGroup( group )
+    , m_sudoStyle( style )
 {
 }

@ -33,6 +34,22 @@ SetupSudoJob::prettyName() const
    return tr( "Configure <pre>sudo</pre> users." );
 }

+static QString
+designatorForStyle( Config::SudoStyle style )
+{
+    switch ( style )
+    {
+    case Config::SudoStyle::UserOnly:
+        return QStringLiteral( "(ALL)" );
+        break;
+    case Config::SudoStyle::UserAndGroup:
+        return QStringLiteral( "(ALL:ALL)" );
+        break;
+    }
+    __builtin_unreachable();
+    return QString();
+}
+
 Calamares::JobResult
 SetupSudoJob::exec()
 {
@ -42,7 +59,9 @@ SetupSudoJob::exec()
        return Calamares::JobResult::ok();
    }

-    QString sudoersLine = QString( "%%1 ALL=(ALL) ALL\n" ).arg( m_sudoGroup );
+    // One % for the sudo format, keep it outside of the string to avoid accidental replacement
+    QString sudoersLine
+        = QChar( '%' ) + QString( "%1 ALL=%2 ALL\n" ).arg( m_sudoGroup, designatorForStyle( m_sudoStyle ) );
    auto fileResult
        = CalamaresUtils::System::instance()->createTargetFile( QStringLiteral( "/etc/sudoers.d/10-installer" ),
                                                                sudoersLine.toUtf8().constData(),
--- a/src/modules/users/MiscJobs.h
+++ b/src/modules/users/MiscJobs.h
@ -17,20 +17,21 @@
 #ifndef USERS_MISCJOBS_H
 #define USERS_MISCJOBS_H

-#include "Job.h"
+#include "Config.h"

-class Config;
+#include "Job.h"

 class SetupSudoJob : public Calamares::Job
 {
    Q_OBJECT
 public:
-    SetupSudoJob( const QString& group );
+    SetupSudoJob( const QString& group, Config::SudoStyle style );
    QString prettyName() const override;
    Calamares::JobResult exec() override;

 public:
    QString m_sudoGroup;
+    Config::SudoStyle m_sudoStyle;
 };

 class SetupGroupsJob : public Calamares::Job
--- a/src/modules/users/users.conf
+++ b/src/modules/users/users.conf
@ -63,6 +63,10 @@ doAutologin:     true
 # the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
 # potentially confusing users.
 sudoersGroup:    wheel
+# If set to `false` (the default), writes a sudoers file with `(ALL)`
+# so that the command can be run as any user. If set to `true`, writes
+# `(ALL:ALL)` so that any user and any group can be chosen.
+sudoersConfigureWithGroup: false

 # Setting this to false, causes the root account to be disabled.
 # When disabled, hides the "Use the same password for administrator"
--- a/src/modules/users/users.schema.yaml
+++ b/src/modules/users/users.schema.yaml
@ -23,6 +23,7 @@ properties:
                  required: [ name ]
    autologinGroup: { type: string }
    sudoersGroup: { type: string }
+    sudoersConfigureWithGroup: { type: boolean, default: false }
    # Skip login (depends on displaymanager support)
    doAutologin: { type: boolean, default: true }
    # Root password separate from user password?