From 179362428cd410e10ade5cf0f5346485dab731f0 Mon Sep 17 00:00:00 2001
From: dmotte <37443982+dmotte@users.noreply.github.com>
Date: Tue, 27 Aug 2024 21:55:01 +0200
Subject: [PATCH] Implemented MAINUSER_NOPASSWORD
---
 README.md | 17 +++++++++--------
 build/startup.sh | 7 +++++++
 docker-compose.yml | 1 +
 example/docker-compose.yml | 1 +
 example/remote/main.sh | 3 ---
 5 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index c59504d..e7ed059 100644
--- a/README.md
+++ b/README.md
@@ -62,14 +62,15 @@ Moreover, if you need to run commands after the LXDE startup, you can create lau
 List of supported **environment variables**:
-| Variable | Required | Description |
-| --------------- | ------------------------ | ----------------------------------------------------------------------------------------------- |
-| `RESOLUTION` | No (default: 1920x1080) | Screen resolution |
-| `MAINUSER_NAME` | No (default: mainuser) | Name of the main user. If set to `root`, no user will be created and the main user will be root |
-| `MAINUSER_PASS` | No (default: `mainuser`) | Password of the main user (if `MAINUSER_NAME != root`) |
-| `VNC_PASS` | No (default: none) | Password for the VNC server |
-| `VNC_PORT` | No (default: 5901) | TCP port of the VNC server |
-| `NOVNC_PORT` | No (default: 6901) | TCP port of the noVNC webserver |
+| Variable | Required | Description |
+| --------------------- | ------------------------ | ----------------------------------------------------------------------------------------------- |
+| `RESOLUTION` | No (default: 1920x1080) | Screen resolution |
+| `MAINUSER_NAME` | No (default: mainuser) | Name of the main user. If set to `root`, no user will be created and the main user will be root |
+| `MAINUSER_PASS` | No (default: `mainuser`) | Password of the main user (if `MAINUSER_NAME != root`) |
+| `MAINUSER_NOPASSWORD` | No (default: `false`) | Whether or not the main user should be allowed to `sudo` without password |
+| `VNC_PASS` | No (default: none) | Password for the VNC server |
+| `VNC_PORT` | No (default: 5901) | TCP port of the VNC server |
+| `NOVNC_PORT` | No (default: 6901) | TCP port of the noVNC webserver |
 ## Development
diff --git a/build/startup.sh b/build/startup.sh
index 246f009..e97b1b2 100644
--- a/build/startup.sh
+++ b/build/startup.sh
@@ -9,6 +9,7 @@ resolution=${RESOLUTION:-1920x1080}
 mainuser_name=${MAINUSER_NAME:-mainuser}
 mainuser_pass=${MAINUSER_PASS:-mainuser}
 unset MAINUSER_PASS
+mainuser_nopassword=${MAINUSER_NOPASSWORD:-false}
 vnc_pass=${VNC_PASS:-}
 unset VNC_PASS
@@ -46,6 +47,12 @@ else
 echo "Setting the user's password"
 echo "$mainuser_name:$mainuser_pass" | chpasswd
 fi
+
+ if [ "$mainuser_nopassword" = true ]; then
+ echo "Enabling sudo without password for user $mainuser_name"
+ install -m440 <(echo "$mainuser_name ALL=(ALL) NOPASSWD: ALL") \
+ "/etc/sudoers.d/$mainuser_name-nopassword"
+ fi
 fi
 ##################### SUPERVISORD CONFIG MAIN REPLACEMENTS #####################
diff --git a/docker-compose.yml b/docker-compose.yml
index 779c1d0..02691b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,4 +12,5 @@ services:
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 environment:
+ MAINUSER_NOPASSWORD: "true"
 VNC_PASS: mainuser
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
index 59213d3..a7bbe34 100644
--- a/example/docker-compose.yml
+++ b/example/docker-compose.yml
@@ -17,6 +17,7 @@ services:
 - data:/data
 environment:
 MAINUSER_PASS: mypassword
+ MAINUSER_NOPASSWORD: "true"
 VNC_PASS: mypassword
 volumes:
diff --git a/example/remote/main.sh b/example/remote/main.sh
index 2172b26..5311d51 100644
--- a/example/remote/main.sh
+++ b/example/remote/main.sh
@@ -63,9 +63,6 @@ bash helpers/shellinabox.sh
 echo 'Performing basic mainuser setup'
-install -m440 <(echo 'mainuser ALL=(ALL) NOPASSWD: ALL') \
- /etc/sudoers.d/mainuser-nopassword
-
 install -d -omainuser -gmainuser -m700 ~mainuser/.ssh
 install -omainuser -gmainuser -m600 authorized-keys-mainuser.txt \
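Review bot: In the `@@ -46,6 +47,12 @@` hunk of build/startup.sh, `$mainuser_name` goes unvalidated into both the sudoers rule and the file name `/etc/sudoers.d/$mainuser_name-nopassword`. sudo skips files in an included directory whose name contains a `.` or ends in `~`, so with a user name such as `john.doe` the script would print "Enabling sudo without password" while the rule is never loaded, and a fragment sudo cannot parse would be installed without any syntax check. I would write the rule to a temporary file, check it with `visudo -cf`, and install it under a fixed name, as the lines removed from example/remote/main.sh did. The enclosing `if`/`else` starts above the hunk, so whether the script already aborts on a failed command is not visible here; the sketch below exits explicitly.

```shell
    if [ "$mainuser_nopassword" = true ]; then
        # … unchanged: "Enabling sudo without password" log line …
        sudoers_tmp=$(mktemp)
        echo "$mainuser_name ALL=(ALL) NOPASSWD: ALL" > "$sudoers_tmp"
        # Reject a fragment sudo cannot parse instead of installing it
        visudo -cf "$sudoers_tmp" || exit 1
        # Fixed name: sudo ignores sudoers.d entries containing "." or ending in "~"
        install -m440 "$sudoers_tmp" /etc/sudoers.d/mainuser-nopassword
        rm -f "$sudoers_tmp"
    fi
```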
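Review bot: The `@@ -12,4 +12,5 @@` hunk of docker-compose.yml turns on `MAINUSER_NOPASSWORD` next to `VNC_PASS: mainuser`, and the example/docker-compose.yml hunk does the same next to `VNC_PASS: mypassword`, so in both files the VNC password becomes the only thing between a network client and root inside the container. Neither file marks this as a convenience setting, and the new README row describes only the mechanism. I would add a comment above the new key in both files, for example `# Passwordless sudo: anyone who can log in over VNC/noVNC is root in this container`. Which ports these services publish is outside the hunks, so how exposed the session is cannot be judged from here.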