Allow sudo usage to homebrew user

T. R. Bernstein
2024-06-26 11:48:32 +02:00
committed by T. R. Bernstein
parent 9b07dbc989
commit bbc4b80d81


@@ -24,14 +24,13 @@ function ensureUserIsInAdminGroup() {
dseditgroup -o edit -a "${username}" -t user admin dseditgroup -o edit -a "${username}" -t user admin
} }
function ensureUserCannotRunSudo() { function ensureUserCanRunPasswordlessSudo() {
local username=$1 local username=$1
local sudoersFile="/etc/sudoers.d/disallow-sudo-for-${username}" local sudoersFile="/etc/sudoers.d/no-auth-sudo-for-${username}"
[[ -f ${sudoersFile} ]] && return [[ -f ${sudoersFile} ]] && return
cat <<- SUDOERS > "${sudoersFile}" cat <<- SUDOERS > "${sudoersFile}"
Defaults:${username} !authenticate Defaults:${username} !authenticate
${username} ALL=(ALL) !ALL SUDOERS
SUDOERS
chown root:wheel "${sudoersFile}" || return 10 chown root:wheel "${sudoersFile}" || return 10
chmod u=rw,g=r,o= "${sudoersFile}" || return 20 chmod u=rw,g=r,o= "${sudoersFile}" || return 20
} }
@@ -245,7 +244,7 @@ function configure_system() {
lop -y h1 -- -i 'Install System Homebrew' lop -y h1 -- -i 'Install System Homebrew'
createHomebrewUserIfNeccessary || return 10 createHomebrewUserIfNeccessary || return 10
indicateActivity 'Ensure Homebrew user is in admin group' ensureUserIsInAdminGroup ${homebrew_username} || return 11 indicateActivity 'Ensure Homebrew user is in admin group' ensureUserIsInAdminGroup ${homebrew_username} || return 11
indicateActivity 'Ensure Homebrew user can not run sudo' ensureUserCannotRunSudo ${homebrew_username} || return 12 indicateActivity 'Ensure Homebrew user can run passwordless sudo' ensureUserCanRunPasswordlessSudo ${homebrew_username} || return 12
configureInstallPrefix ${homebrew_prefix} || return 13 configureInstallPrefix ${homebrew_prefix} || return 13
ensureHomebrewCacheDirectory || return 14 ensureHomebrewCacheDirectory || return 14
ensureHomebrewLogDirectory || return 15 ensureHomebrewLogDirectory || return 15
@@ -332,11 +331,11 @@ function getUsage() {
Usage: Usage:
$cmdName show-questions [<modkey> <modans>]... $cmdName show-questions [<modkey> <modans>]...
$cmdName [-v] [-d FILE] --homebrew-prefix PREFIX --homebrew-username NAME --homebrew-cache PATH --homebrew-log PATH --git-homebrew-remote URL --git-homebrew-core-remote URL --git-homebrew-cask-remote URL --git-homebrew-font-remote URL --git-homebrew-driver-remote URL $cmdName [-v] [-d FILE] --homebrew-prefix PREFIX --homebrew-username NAME --homebrew-cache PATH --homebrew-log PATH --git-homebrew-remote URL --git-homebrew-core-remote URL --git-homebrew-cask-remote URL --git-homebrew-font-remote URL --git-homebrew-driver-remote URL
Create a designated Homebrew user who may not login to the system but is the Create a designated Homebrew user who may not login to the system but is the
only one able to install homebrew software systemwide. Install Homebrew at only one able to install homebrew software systemwide. Install Homebrew at
given PREFIX and make the new Homebrew user the owner of that. given PREFIX and make the new Homebrew user the owner of that.
Options: Options:
--homebrew-prefix PREFIX Path to folder that shall be the prefix of --homebrew-prefix PREFIX Path to folder that shall be the prefix of
the system wide Homebrew installation [default: $(getDefaultHomebrewPrefix)]. the system wide Homebrew installation [default: $(getDefaultHomebrewPrefix)].
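Review bot: In `ensureUserCanRunPasswordlessSudo` (first hunk) the drop-in is reduced to `Defaults:${username} !authenticate`, and because `configure_system` also adds the user to the `admin` group, the account presumably gets password-free root for every command through the stock `%admin` rule, so any formula or cask code running as that user inherits it. If only a known set of commands needs root, a `NOPASSWD:` rule scoped to those commands would be narrower than a blanket `!authenticate`. Nothing in the hunk removes a `disallow-sudo-for-${username}` file left by earlier runs, and its `!ALL` rule may still win on machines that were already configured. The heredoc is also written straight into `/etc/sudoers.d` before `chown`/`chmod` and without a syntax check, so a failed run can leave a wrongly owned file that the early `[[ -f ${sudoersFile} ]] && return` then skips forever. The sketch below validates a temp file with `visudo -cf` and installs it with owner and mode in one step.

```shell
function ensureUserCanRunPasswordlessSudo() {
	# … unchanged: username and sudoersFile locals …
	# Drop the deny rule written by earlier versions before the early return.
	rm -f -- "/etc/sudoers.d/disallow-sudo-for-${username}"
	# … unchanged: early return when ${sudoersFile} exists …
	local tmpFile
	tmpFile=$(mktemp "${TMPDIR:-/tmp}/sudoers.XXXXXX") || return 5
	printf 'Defaults:%s !authenticate\n' "${username}" > "${tmpFile}"
	# Only install a drop-in that visudo accepts; owner and mode are set by install.
	visudo -cf "${tmpFile}" > /dev/null \
		&& install -o root -g wheel -m 0640 "${tmpFile}" "${sudoersFile}"
	local rc=$?
	rm -f -- "${tmpFile}"
	(( rc == 0 )) || return 10
}
```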