mirror of
https://github.com/stornic56/debianito-post-install.git
synced 2026-07-16 05:49:49 +00:00
add Java JDK/JRE selection and patches
- Created dedicated `extras/java.sh` module for modular Temurin/Adoptium repository handling and isolated GPG key management. - Implemented selective JRE/JDK installation paths: Gaming (Minecraft) vs Development environments with version control selectors. - Enhanced user group membership logic (`_ensure_sudo_group`) to auto-configure administrative privileges on fresh installs. - Introduced maintenance-friendly passwordless sudo for `apt`, `systemctl`, and shutdown commands via `/etc/sudoers.d/`. - Added home directory ownership repair utility to fix root-owned files in user directories after improper `sudo` usage. - Enabled visual password feedback (`pwfeedback`) toggle for enhanced terminal usability during authentication prompts. - Refactored Debian 13/Trixie repository sourcing logic to ensure idempotency and prevent backports/duplicate sources conflicts. - Updated Bullseye legacy modules (extras.sh, repos.sh) to exclude deprecated packages (`hx`, `vscodium`) and enforce Firefox ESR defaults. - Cleaned repository configurations by removing obsolete `bullseye-updates` source entries to prevent dependency conflicts. - Implemented NVTOP conditional detection logic ensuring display only on active Nvidia drivers or supported architectures (Trixie/Bookworm). - Corrected `/modules/bullseye/extras.sh` menu mappings (Programming, Dev Tools) and verified package lists excluding incompatible tools (`hx`, `vscodium`). - Integrated ClamAV security module with daemon state management and background scan execution flows in all Security menus. - update README.md
This commit is contained in:
+143
-14
@@ -1,30 +1,159 @@
|
||||
#!/usr/bin/env bash
|
||||
# Adds user to sudo group and optionally enables pwfeedback
|
||||
# sudo_config.sh — User Privileges & Feedback submenu
|
||||
# License GPL v3
|
||||
|
||||
config_sudo() {
|
||||
echo -e "${YELLOW}Configuring sudo...${NC}"
|
||||
echo -e "${YELLOW}User Privileges & Feedback${NC}"
|
||||
|
||||
while true; do
|
||||
local choice
|
||||
choice=$(whiptail --title "User Privileges & Feedback" --menu \
|
||||
"Select an option:" $TUI_ALTO $TUI_ANCHO 6 \
|
||||
"1" "Sudo Group Membership" \
|
||||
"2" "Passwordless Sudo (maintenance commands)" \
|
||||
"3" "Repair Home Directory Ownership" \
|
||||
"4" "Sudo Password Feedback (asterisks)" \
|
||||
"5" "Back to main menu" \
|
||||
3>&1 1>&2 2>&3)
|
||||
|
||||
[ -z "$choice" ] && return
|
||||
clear
|
||||
|
||||
case "$choice" in
|
||||
1) _check_sudo_group ;;
|
||||
2) _configure_nopasswd ;;
|
||||
3) _repair_home_ownership ;;
|
||||
4) _toggle_pwfeedback ;;
|
||||
5) return ;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
# ── Option 1: Sudo Group Membership ──
|
||||
_check_sudo_group() {
|
||||
if groups "$USER" | grep -qE '\bsudo\b'; then
|
||||
echo "User is already in the sudo group."
|
||||
_msg "Sudo Group" "User '$USER' is already in the sudo group."
|
||||
else
|
||||
echo "Adding user '$USER' to sudo group..."
|
||||
if sudo usermod -aG sudo "$USER"; then
|
||||
echo -e "${GREEN}Done. Note: you need to log out and back in for group changes to take effect.${NC}"
|
||||
if _confirm "Sudo Group" \
|
||||
"User '$USER' is NOT in the sudo group.\n\nAdd to sudo group?"; then
|
||||
if sudo usermod -aG sudo "$USER"; then
|
||||
_msg "Sudo Group" \
|
||||
"User added to sudo group.\n\nLog out and back in for\ngroup changes to take effect." 10 60
|
||||
else
|
||||
_msg "Sudo Group" "Failed to add user to sudo group." 7 60
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# ── Option 2: Passwordless Sudo (NOPASSWD) ──
|
||||
_configure_nopasswd() {
|
||||
local nopasswd_file="/etc/sudoers.d/${USER}-nopasswd"
|
||||
|
||||
if [ -f "$nopasswd_file" ]; then
|
||||
if _confirm "NOPASSWD" \
|
||||
"Passwordless sudo is already configured.\n\nRemove it to restore password prompts?"; then
|
||||
sudo rm -f "$nopasswd_file"
|
||||
echo -e "${GREEN}Passwordless sudo removed.${NC}"
|
||||
fi
|
||||
return
|
||||
fi
|
||||
|
||||
if _confirm "NOPASSWD" \
|
||||
"Configure passwordless sudo for maintenance commands?\n\n\
|
||||
- apt / apt-get (package management)\n\
|
||||
- systemctl (service management)\n\
|
||||
- shutdown / reboot / halt (power commands)\n\n\
|
||||
Useful for automation but reduces security." 14 70; then
|
||||
local choices
|
||||
choices=$(whiptail --title "NOPASSWD Commands" --checklist \
|
||||
"Select commands to allow without password:" 12 60 3 \
|
||||
"apt" "APT package management" ON \
|
||||
"systemctl" "Systemd service management" ON \
|
||||
"power" "Shutdown, reboot, halt" ON \
|
||||
3>&1 1>&2 2>&3)
|
||||
clear
|
||||
|
||||
[ -z "$choices" ] && { echo "No commands selected."; return; }
|
||||
local cleaned; cleaned=$(echo "$choices" | tr -d '"')
|
||||
|
||||
local content=""
|
||||
for cmd in $cleaned; do
|
||||
case $cmd in
|
||||
apt)
|
||||
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /bin/apt, /bin/apt-get\n"
|
||||
;;
|
||||
systemctl)
|
||||
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/systemctl, /bin/systemctl\n"
|
||||
;;
|
||||
power)
|
||||
content+="${USER} ALL=(root) NOPASSWD: /usr/sbin/shutdown, /sbin/shutdown, /usr/sbin/reboot, /sbin/reboot, /usr/sbin/halt, /sbin/halt\n"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
echo -e "$content" | sudo tee "$nopasswd_file" > /dev/null
|
||||
sudo chmod 0440 "$nopasswd_file"
|
||||
if [ -f "$nopasswd_file" ]; then
|
||||
echo -e "${GREEN}Passwordless sudo configured for selected commands.${NC}"
|
||||
else
|
||||
echo -e "${RED}Failed to add user to sudo group.${NC}"
|
||||
echo -e "${RED}Failed to configure passwordless sudo.${NC}"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if _confirm "Sudo Password Feedback" "Show asterisks when typing the sudo password?"; then
|
||||
echo 'Defaults pwfeedback' | sudo tee /etc/sudoers.d/pwfeedback > /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -e "${GREEN}Password feedback enabled.${NC}"
|
||||
else
|
||||
echo -e "${RED}Failed to create /etc/sudoers.d/pwfeedback.${NC}"
|
||||
# ── Option 3: Repair Home Directory Ownership ──
|
||||
_repair_home_ownership() {
|
||||
local home
|
||||
home=$(eval echo "~$USER")
|
||||
|
||||
if [ ! -d "$home" ]; then
|
||||
_msg "Home Directory" "Home directory '$home' does not exist." 8 60
|
||||
return 1
|
||||
fi
|
||||
|
||||
local uid uid_owner
|
||||
uid=$(id -u "$USER" 2>/dev/null)
|
||||
uid_owner=$(stat -c '%u' "$home" 2>/dev/null || echo "0")
|
||||
|
||||
if [ "$uid_owner" != "$uid" ]; then
|
||||
local expected_user
|
||||
expected_user=$(id -nu "$uid_owner" 2>/dev/null || echo "UID $uid_owner")
|
||||
if _confirm "Home Permissions" \
|
||||
"Home directory '$home' is owned by\n'$expected_user' (expected: '$USER').\n\nRepair ownership?" 12 65; then
|
||||
if sudo chown -R "$USER:$USER" "$home"; then
|
||||
echo -e "${GREEN}Home directory ownership repaired.${NC}"
|
||||
else
|
||||
echo -e "${RED}Failed to repair home directory ownership.${NC}"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "Skipping password feedback setting."
|
||||
_msg "Home Permissions" "Home directory ownership is correct\n(owner: $USER)." 8 60
|
||||
fi
|
||||
}
|
||||
|
||||
# ── Option 4: Sudo Password Feedback (pwfeedback) ──
|
||||
_toggle_pwfeedback() {
|
||||
local fb_file="/etc/sudoers.d/pwfeedback"
|
||||
|
||||
if [ -f "$fb_file" ]; then
|
||||
if _confirm "Password Feedback" \
|
||||
"Asterisks are currently ENABLED when typing sudo password.\n\nDisable them?"; then
|
||||
sudo rm -f "$fb_file"
|
||||
echo -e "${GREEN}Password feedback disabled.${NC}"
|
||||
fi
|
||||
else
|
||||
if _confirm "Password Feedback" \
|
||||
"Show asterisks when typing the sudo password?"; then
|
||||
if echo 'Defaults pwfeedback' | sudo tee "$fb_file" > /dev/null 2>&1; then
|
||||
echo -e "${GREEN}Password feedback enabled.${NC}"
|
||||
else
|
||||
echo -e "${RED}Failed to create $fb_file${NC}"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user