From b008d4ebb04ab26feb073940e3948ffbbdf7b42f Mon Sep 17 00:00:00 2001 From: "T. R. Bernstein" <137705289+trbernstein@users.noreply.github.com> Date: Fri, 17 Oct 2025 23:41:39 +0200 Subject: [PATCH] Add module to adapt sudo settings --- modules/00a-sudo-settings.sh | 54 ++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 modules/00a-sudo-settings.sh diff --git a/modules/00a-sudo-settings.sh b/modules/00a-sudo-settings.sh new file mode 100644 index 0000000..ad38de6 --- /dev/null +++ b/modules/00a-sudo-settings.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env zsh +# vi: set ft=zsh tw=80 ts=2 + +function ensureTRBernsteinCanUpdateSystem() { + local username=$1 + local sudoersFile='/etc/sudoers.d/allow-softwareupdate-for-all' + [[ -f ${sudoersFile} ]] && return + cat <<- SUDOERS > "${sudoersFile}" + trbernstein ALL=(root) NOPASSWD: /usr/sbin/softwareupdate -irR --user admin + SUDOERS + chown root:wheel "${sudoersFile}" || return 10 + chmod u=rw,g=r,o= "${sudoersFile}" || return 20 +} + +function configure_system() { + lop -y h1 -- -i 'Configure sudoers files' + ensurePathOrLogError ${dstDir} 'Could not install binaries.' || return 10 + indicateActivity -- "Allow trbernstein user to install updates using softwareupdate" ensureTRBernsteinCanUpdateSystem +} + +function getExecPrerequisites() { + cmds=( + [cat]='' + [chown]='' + [chmod]='' + ) +} + +function getUsage() { + read -r -d '' text <<- USAGE + Usage: + $cmdName show-questions [ ]... + $cmdName [-v] [-d FILE] + + Add sudo rules to: + 1. allow trbernstein user to install updates using softwareupdate + + Options: + -d FILE, --logfile FILE Print log message to logfile instead of stdout. + -v, --verbose Be more verbose. + ---- + $cmdName 0.1.0 + Copyright (C) 2022 Rezart Qelibari, Astzweig GmbH & Co. KG + License EUPL-1.2. There is NO WARRANTY, to the extent permitted by law. + USAGE + print -- ${text} +} + +if [[ "${ZSH_EVAL_CONTEXT}" == toplevel ]]; then + _DIR="${0:A:h}" + test -f "${ASTZWEIG_MACOS_SYSTEM_LIB}" || { echo 'This module requires macos-system library. Please run again with macos-system library provieded as a path in ASTZWEIG_MACOS_SYSTEM_LIB env variable.'; return 10 } + source "${ASTZWEIG_MACOS_SYSTEM_LIB}" + module_main $0 "$@" +fi