#
# Wrap sudo:
# bind mount a password-less (NOPASSWD) rule file over a sudoers.d entry,
# so sudo should only prompt for a password on first use.
#
# XXX - utilize doas if sudo not found?
#
# Path of the real sudo binary that the wrapper delegates to. A non-empty
# value already present in the environment wins; otherwise fall back to
# /usr/bin/sudo. Exported so child shells resolve the same binary.
export realsudo="${realsudo:-/usr/bin/sudo}"
#######################################
# sudo wrapper: on each call, make sure a NOPASSWD rule for the chronos user
# is bind mounted over /etc/sudoers.d/95_cros_base, then run the requested
# command through the real sudo.
#
# Security notes:
#   - The rule written is 'chronos ALL=(ALL:ALL) NOPASSWD: ALL', i.e.
#     unrestricted password-less root for chronos. Once it is mounted,
#     anything running as chronos can become root without a prompt.
#   - The rule file is staged as root at a fixed path inside a directory
#     that is made group-writable for chronos (mode 3775).
#     NOTE(review): consider a root-only staging directory, and checking the
#     staged file with `visudo -cf` before it is mounted.
#   - A failed setup step does not block the requested command; it is run
#     through the real sudo either way.
#
# Globals:   realsudo (read) - command used to invoke the real sudo
# Arguments: passed through unchanged to the real sudo
# Outputs:   "bind mounting ..." on stderr when the mount is (re)created
# Returns:   exit status of the real sudo running the requested command
#######################################
function sudo() {
  local tmpdir="/usr/local/tmp"
  local sudoersdfile="95_cros_base"
  local sudoersddir="/etc/sudoers.d"
  local target="${sudoersddir}/${sudoersdfile}"
  local staged="${tmpdir}/${sudoersdfile}"

  # ${realsudo} is expanded unquoted throughout, so a value that carries
  # extra arguments is still split into words.
  #
  # A bind mount needs an existing mount point, so nothing is set up unless
  # the target file is already present.
  if ${realsudo} test -e "${target}"; then
    # Look for the target as a space-delimited field in the mount listing;
    # only build the mount when it is not there yet.
    if ! mount | grep -q " ${target} "; then
      printf '%s\n' "bind mounting ${target}" 1>&2
      # Each step runs only if the previous one succeeded:
      #   3775     = setgid + sticky + rwxrwxr-x on the staging directory
      #   tee      = writes the rule as root; its stdout and stderr are
      #              discarded, so a failure here is silent apart from
      #              stopping the chain
      #   root:root, 440 = conventional ownership and mode for sudoers files
      ${realsudo} mkdir -p "${tmpdir}" \
        && ${realsudo} chmod 3775 "${tmpdir}" \
        && ${realsudo} chgrp chronos "${tmpdir}" \
        && printf '%s\n' 'chronos ALL=(ALL:ALL) NOPASSWD: ALL' \
          | ${realsudo} tee "${staged}" >/dev/null 2>&1 \
        && ${realsudo} chown root:root "${staged}" \
        && ${realsudo} chmod 440 "${staged}" \
        && ${realsudo} mount -o bind "${staged}" "${target}"
    fi
  fi

  # Hand the caller's arguments to the real sudo untouched.
  ${realsudo} "${@}"
}