From 62083ff7ba4659cea621638e21b28ce1e163660c Mon Sep 17 00:00:00 2001 From: Christopher Laprise Date: Wed, 17 Jul 2019 09:14:37 -0400 Subject: [PATCH] detect passwordless-root --- configure-sudo-prompt | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/configure-sudo-prompt b/configure-sudo-prompt index fcb2ea4..8a48904 100644 --- a/configure-sudo-prompt +++ b/configure-sudo-prompt @@ -3,19 +3,27 @@ set -e [ `id -u` -eq 0 ] || exit -if [ ! -e /etc/debian_version ]; then - echo "Debian-based template required for autoconfiguration. -See qubes-os.org/doc/vm-sudo for manual instructions." + + +if [ ! -e /etc/sudoers.d/qubes ]; then + echo "The 'qubes-core-agent-passwordless-root' package does not appear" + echo "to be present. Sudo autoconfiguration is unnecessary." exit 0 fi +if [ ! -e /etc/debian_version ]; then + echo "Debian-based template required for sudo autoconfiguration. +See qubes-os.org/doc/vm-sudo for manual instructions." + exit 1 +fi + echo -e "\n--+ Enable yes/no authentication prompt for sudo +-- Warning: Before opting for this change a backup or clone should me made of this template!" read -p "Configure sudo authentication prompt now? (y/n): " answer if [[ $answer == @(y|Y) ]]; then - mv -fb /etc/pam.d/common-auth /etc/pam.d/common-auth.bak + mv --backup=numbered -fb /etc/pam.d/common-auth /etc/pam.d/common-auth.bak cat >/etc/pam.d/common-auth <<_EOF auth [success=1 default=ignore] pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAuth /bin/grep -q ^1$ auth requisite pam_deny.so @@ -34,15 +42,6 @@ _EOF mv -f /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla \ /etc/polkit-1/localauthority_50-locald_qubes-allow-all.pkla.bak - if [ -e /etc/whonix.d ]; then - cat >/etc/sudoers.d/zz99_sudoprompt <<_EOF -ALL ALL=NOPASSWD: /usr/sbin/virt-what -ALL ALL=NOPASSWD: /usr/sbin/service whonixcheck restart -ALL ALL=NOPASSWD: /usr/sbin/service whonixcheck start -ALL ALL=NOPASSWD: /usr/sbin/service whonixcheck stop -ALL ALL=NOPASSWD: /usr/sbin/service whonixcheck status -_EOF - fi echo "Done." echo '