#!/bin/sh # S'assurer que BackupPC peux exécuter rsync avec les droits sudo # Jérémy GARDAIS — Mai 2018 # .. vim: foldmarker=[[[,]]]:foldmethod=marker # Vars [[[ SUCCESS=0 ERROR=1 DEBUG=1 USER_ID=$(id -u) BACKUP_USER_LIST="backup backuppc" BACKUP_SUDOERS_LINE_REGEXP="backuppc.*ALL.*=.*(ALL:ALL).*NOEXEC:NOPASSWD:.*/usr/bin/rsync" BACKUP_SUDOERS_LINE="backup ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync backuppc ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync" BACKUP_SUDOERS_FILE="/etc/sudoers.d/backuppc_noexec" # ]]] # Functions [[[ ## Check if a backup user is present on the system from a list of users [[[ is_backup_user() { userlist_to_check="${1}" for user_to_check in ${userlist_to_check}; do if [ "$(id -- "${user_to_check}" 2> /dev/null)" ] ; then [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function is_backup_user() — ${user_to_check} user is available." return "${SUCCESS}" fi done ## Otherwise exit with error status printf '\e[1;31m%-6s\e[m\n' "ERROR : Function is_backup_user() — none of these users : ${userlist_to_check} are available on the system." exit "${ERROR}" } ## ]]] ## Check if backup permissions are already set in sudoers.d [[[ is_backup_sudoers_line() { line_to_check="${1}" if grep -Rq -- "${line_to_check}" /etc/sudoers.d/ then [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function is_backup_sudoers_line() — ${line_to_check} line is available in sudo configuration." return "${SUCCESS}" else [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function is_backup_sudoers_line() — ${line_to_check} was not found in sudo configuration." return "${ERROR}" fi } ## ]]] ## Add some configuration to a specific file under sudoers.d/ [[[ add_backup_sudoers_conf() { sudoers_conf="${1}" sudoers_file="${2}" ## Empty sudoers file true > "${sudoers_file}" ## Set sudoers configuration for BackupPC cat << EOF >> "${sudoers_file}" # This file was generated by fix_backuppc_linux_sudo.sh script. # Permissions for BackupPC - Backup tool ${sudoers_conf} EOF [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Function add_backup_sudoers_conf() — ${sudoers_file} was modified." } ## ]]] # ]]] # Test permissions [[[ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Check admin rights." if [ "${USER_ID}" -ne "0" ]; then printf '\e[1;31m%-6s\e[m\n' "ERROR : You need to run with SUDO/Admin permissions." exit "${ERROR}" fi # ]]] # Ensure the backup user is available is_backup_user "${BACKUP_USER_LIST}" # Test if sudoers conf is already set if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}" then [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : First try — ${BACKUP_SUDOERS_LINE_REGEXP} was not found in sudo configuration." ## Add sudoers configuration add_backup_sudoers_conf "${BACKUP_SUDOERS_LINE}" "${BACKUP_SUDOERS_FILE}" ## Test if sudoers conf was successfully modified if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}" then [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Second try — ${BACKUP_SUDOERS_LINE_REGEXP} was not found in sudo configuration." printf '\e[1;31m%-6s\e[m\n' "ERROR : The sudo configuration was not successfully modified." printf '\e[1;31m%-6s\e[m\n' "ERROR : Please contact your administrator." exit "${ERROR}" fi fi [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : End" printf '%b\n' "Your configuration is set up." exit "${SUCCESS}"