From 4483ba3eccc234fae3ddccd8cb5ec148ca233451 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?=
Date: Mon, 28 May 2018 17:52:23 +0200
Subject: [PATCH] Add sudoers configuration
---
 client/fix_backuppc_linux_sudo.sh | 51 +++++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 10 deletions(-)
diff --git a/client/fix_backuppc_linux_sudo.sh b/client/fix_backuppc_linux_sudo.sh
index 5eaf07e..ba285fe 100755
--- a/client/fix_backuppc_linux_sudo.sh
+++ b/client/fix_backuppc_linux_sudo.sh
@@ -13,6 +13,8 @@ EUID=$(id -u)
 BACKUP_USER_LOGIN="backup"
 #BACKUP_USER_LOGIN="backuppc"
 SUDOERS_LINE_REGEXP="${BACKUP_USER_LOGIN}.*ALL.*=.*(ALL:ALL).*NOEXEC:NOPASSWD:.*/usr/bin/rsync"
+SUDOERS_LINE="${BACKUP_USER_LOGIN} ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync"
+SUDOERS_FILE="/etc/sudoers.d/backuppc_noexec"
 # ]]]
 # Functions [[[
@@ -21,10 +23,10 @@ is_user() ## [[[
 user_to_check="${1}"
 if [ "$(id -- "${user_to_check}" 2> /dev/null)" ] ; then
- [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function — ${user_to_check} user is available."
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function is_user() — ${user_to_check} user is available."
 return "${SUCCESS}"
 else
- printf '\e[1;31m%-6s\e[m\n' "ERROR : Function — ${user_to_check} user is unavailable."
+ printf '\e[1;31m%-6s\e[m\n' "ERROR : Function is_user() — ${user_to_check} user is unavailable."
 exit "${ERROR}"
 fi
 }
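Review bot: The new `SUDOERS_LINE` in the first hunk grants `/usr/bin/rsync` without a password, with no argument restriction and with an `(ALL:ALL)` runas spec. rsync can write files as well as read them, so whoever holds the backup account's credentials effectively gets root-level write access on the client, and `NOEXEC` does not limit that. If the BackupPC server only pulls data, consider narrowing the rule to the sender side and to root only, for example `${BACKUP_USER_LOGIN} ALL=(root) NOEXEC:NOPASSWD: /usr/bin/rsync --server --sender *`, and tightening `SUDOERS_LINE_REGEXP` to match. Restores would then need a separate, deliberately enabled rule, and the trailing wildcard is itself permissive, so it is worth documenting why it is there.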
@@ -35,14 +37,33 @@ is_sudoers_line() ## [[[
 if grep -Rq -- "${line_to_check}" /etc/sudoers.d/
 then
- [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function — ${line_to_check} line is available in sudo configuration."
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function is_sudoers_line() — ${line_to_check} line is available in sudo configuration."
 return "${SUCCESS}"
 else
- [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function — ${line_to_check} was not found in sudo configuration."
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function is_sudoers_line() — ${line_to_check} was not found in sudo configuration."
 return "${ERROR}"
 fi
 }
 ## ]]]
+add_sudoers_conf() ## [[[
+{
+ sudoers_conf="${1}"
+ sudoers_file="${2}"
+
+ ## Empty sudoers file
+ true > "${sudoers_file}"
+
+ ## Set sudoers configuration for BackupPC
+ cat << EOF >> "${sudoers_file}"
+# This file was generated by fix_backuppc_linux_sudo.sh script.
+
+# Permissions for BackupPC - Backup tool
+${sudoers_conf}
+EOF
+
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function add_sudoers_conf() — ${sudoers_file} was modified."
+}
+## ]]]
 # ]]]
 # Test permissions [[[
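Review bot: `add_sudoers_conf()` truncates and rewrites the live file under `/etc/sudoers.d/` in place, with no syntax validation, no explicit mode, and no check that the write succeeded. A malformed fragment in that directory can make sudo refuse to run for every user, and the file's permissions are left to the caller's umask rather than set to the conventional 0440. I would build the fragment in a temporary file beside the target, validate it with `visudo -cf`, and only then rename it into place. sudo skips names in the include directory that contain a `.`, so the temporary file is never parsed. The function also prints its "was modified" DEBUG message unconditionally, so a failed write looks like a success until the later grep.

```shell
add_sudoers_conf() ## [[[
{
  # … unchanged: sudoers_conf / sudoers_file assignment …

  ## Build the fragment beside the target; sudo ignores names containing '.'
  tmp_file="$(mktemp "${sudoers_file}.XXXXXX")" || exit "${ERROR}"

  cat << EOF > "${tmp_file}"
# This file was generated by fix_backuppc_linux_sudo.sh script.

# Permissions for BackupPC - Backup tool
${sudoers_conf}
EOF

  ## Refuse to install a fragment that visudo cannot parse
  if ! visudo -cf "${tmp_file}" > /dev/null
  then
    rm -f -- "${tmp_file}"
    printf '\e[1;31m%-6s\e[m\n' "ERROR : Function add_sudoers_conf() — generated sudoers rule failed validation."
    exit "${ERROR}"
  fi

  chmod 0440 "${tmp_file}"
  mv -f -- "${tmp_file}" "${sudoers_file}"
  # … unchanged: DEBUG message …
}
```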
@@ -53,17 +74,27 @@ if [ "${EUID}" -ne "0" ]; then
 fi
 # ]]]
+# Ensure the backup user is available
 is_user "${BACKUP_USER_LOGIN}"
-if is_sudoers_line "${SUDOERS_LINE_REGEXP}"
+# Test if sudoers conf is already set
+if ! is_sudoers_line "${SUDOERS_LINE_REGEXP}"
 then
- [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : ${SUDOERS_LINE_REGEXP} is already set in sudo configuration."
- printf '%b\n' "Your configuration is set up."
- exit 0
-else
 [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : First try — ${SUDOERS_LINE_REGEXP} was not found in sudo configuration."
+ ## Add sudoers configuration
+ add_sudoers_conf "${SUDOERS_LINE}" "${SUDOERS_FILE}"
+
+ ## Test if sudoers conf was successfully modified
+ if ! is_sudoers_line "${SUDOERS_LINE_REGEXP}"
+ then
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Second try — ${SUDOERS_LINE_REGEXP} was not found in sudo configuration."
+ printf '\e[1;31m%-6s\e[m\n' "ERROR : The sudo configuration was not successfully modified."
+ exit "${ERROR}"
+ fi
 fi
 [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : End"
-exit 0
+printf '%b\n' "Your configuration is set up."
+
+exit "${SUCCESS}"
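Review bot: Both `is_sudoers_line` checks in this hunk only prove that some file under `/etc/sudoers.d/` contains text matching a loose `.*` pattern, not that sudo has loaded the rule. A commented-out line, an editor backup, or a file sudo skips also matches. The first check can therefore skip writing the rule, and the second can report "Your configuration is set up." while the backup user still has no working grant. I would base the final verdict on sudo's own view, for example `visudo -c > /dev/null || exit "${ERROR}"` followed by a check of `sudo -l -U "${BACKUP_USER_LOGIN}"`, and anchor the pattern so that lines starting with `#` are not counted.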