Files
debianito-post-install/modules/sudo_config.sh
T
stornic56 872f92d6b4 add Java JDK/JRE selection and patches
- Created dedicated `extras/java.sh` module for modular Temurin/Adoptium repository handling and isolated GPG key management.
- Implemented selective JRE/JDK installation paths: Gaming (Minecraft) vs Development environments with version control selectors.
- Enhanced user group membership logic (`_ensure_sudo_group`) to auto-configure administrative privileges on fresh installs.
- Introduced maintenance-friendly passwordless sudo for `apt`, `systemctl`, and shutdown commands via `/etc/sudoers.d/`.
- Added home directory ownership repair utility to fix root-owned files in user directories after improper `sudo` usage.
- Enabled visual password feedback (`pwfeedback`) toggle for enhanced terminal usability during authentication prompts.
- Refactored Debian 13/Trixie repository sourcing logic to ensure idempotency and prevent backports/duplicate sources conflicts.
- Updated Bullseye legacy modules (extras.sh, repos.sh) to exclude deprecated packages (`hx`, `vscodium`) and enforce Firefox ESR defaults.
- Cleaned repository configurations by removing obsolete `bullseye-updates` source entries to prevent dependency conflicts.
- Implemented NVTOP conditional detection logic ensuring display only on active Nvidia drivers or supported architectures (Trixie/Bookworm).
- Corrected `/modules/bullseye/extras.sh` menu mappings (Programming, Dev Tools) and verified package lists excluding incompatible tools (`hx`, `vscodium`).
- Integrated ClamAV security module with daemon state management and background scan execution flows in all Security menus.
- update README.md
2026-06-13 19:21:55 -05:00

160 lines
5.6 KiB
Bash

#!/usr/bin/env bash
# sudo_config.sh — User Privileges & Feedback submenu
# License GPL v3
config_sudo() {
echo -e "${YELLOW}User Privileges & Feedback${NC}"
while true; do
local choice
choice=$(whiptail --title "User Privileges & Feedback" --menu \
"Select an option:" $TUI_ALTO $TUI_ANCHO 6 \
"1" "Sudo Group Membership" \
"2" "Passwordless Sudo (maintenance commands)" \
"3" "Repair Home Directory Ownership" \
"4" "Sudo Password Feedback (asterisks)" \
"5" "Back to main menu" \
3>&1 1>&2 2>&3)
[ -z "$choice" ] && return
clear
case "$choice" in
1) _check_sudo_group ;;
2) _configure_nopasswd ;;
3) _repair_home_ownership ;;
4) _toggle_pwfeedback ;;
5) return ;;
esac
done
}
# ── Option 1: Sudo Group Membership ──
_check_sudo_group() {
if groups "$USER" | grep -qE '\bsudo\b'; then
_msg "Sudo Group" "User '$USER' is already in the sudo group."
else
if _confirm "Sudo Group" \
"User '$USER' is NOT in the sudo group.\n\nAdd to sudo group?"; then
if sudo usermod -aG sudo "$USER"; then
_msg "Sudo Group" \
"User added to sudo group.\n\nLog out and back in for\ngroup changes to take effect." 10 60
else
_msg "Sudo Group" "Failed to add user to sudo group." 7 60
return 1
fi
fi
fi
}
# ── Option 2: Passwordless Sudo (NOPASSWD) ──
_configure_nopasswd() {
local nopasswd_file="/etc/sudoers.d/${USER}-nopasswd"
if [ -f "$nopasswd_file" ]; then
if _confirm "NOPASSWD" \
"Passwordless sudo is already configured.\n\nRemove it to restore password prompts?"; then
sudo rm -f "$nopasswd_file"
echo -e "${GREEN}Passwordless sudo removed.${NC}"
fi
return
fi
if _confirm "NOPASSWD" \
"Configure passwordless sudo for maintenance commands?\n\n\
- apt / apt-get (package management)\n\
- systemctl (service management)\n\
- shutdown / reboot / halt (power commands)\n\n\
Useful for automation but reduces security." 14 70; then
local choices
choices=$(whiptail --title "NOPASSWD Commands" --checklist \
"Select commands to allow without password:" 12 60 3 \
"apt" "APT package management" ON \
"systemctl" "Systemd service management" ON \
"power" "Shutdown, reboot, halt" ON \
3>&1 1>&2 2>&3)
clear
[ -z "$choices" ] && { echo "No commands selected."; return; }
local cleaned; cleaned=$(echo "$choices" | tr -d '"')
local content=""
for cmd in $cleaned; do
case $cmd in
apt)
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /bin/apt, /bin/apt-get\n"
;;
systemctl)
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/systemctl, /bin/systemctl\n"
;;
power)
content+="${USER} ALL=(root) NOPASSWD: /usr/sbin/shutdown, /sbin/shutdown, /usr/sbin/reboot, /sbin/reboot, /usr/sbin/halt, /sbin/halt\n"
;;
esac
done
echo -e "$content" | sudo tee "$nopasswd_file" > /dev/null
sudo chmod 0440 "$nopasswd_file"
if [ -f "$nopasswd_file" ]; then
echo -e "${GREEN}Passwordless sudo configured for selected commands.${NC}"
else
echo -e "${RED}Failed to configure passwordless sudo.${NC}"
return 1
fi
fi
}
# ── Option 3: Repair Home Directory Ownership ──
_repair_home_ownership() {
local home
home=$(eval echo "~$USER")
if [ ! -d "$home" ]; then
_msg "Home Directory" "Home directory '$home' does not exist." 8 60
return 1
fi
local uid uid_owner
uid=$(id -u "$USER" 2>/dev/null)
uid_owner=$(stat -c '%u' "$home" 2>/dev/null || echo "0")
if [ "$uid_owner" != "$uid" ]; then
local expected_user
expected_user=$(id -nu "$uid_owner" 2>/dev/null || echo "UID $uid_owner")
if _confirm "Home Permissions" \
"Home directory '$home' is owned by\n'$expected_user' (expected: '$USER').\n\nRepair ownership?" 12 65; then
if sudo chown -R "$USER:$USER" "$home"; then
echo -e "${GREEN}Home directory ownership repaired.${NC}"
else
echo -e "${RED}Failed to repair home directory ownership.${NC}"
return 1
fi
fi
else
_msg "Home Permissions" "Home directory ownership is correct\n(owner: $USER)." 8 60
fi
}
# ── Option 4: Sudo Password Feedback (pwfeedback) ──
_toggle_pwfeedback() {
local fb_file="/etc/sudoers.d/pwfeedback"
if [ -f "$fb_file" ]; then
if _confirm "Password Feedback" \
"Asterisks are currently ENABLED when typing sudo password.\n\nDisable them?"; then
sudo rm -f "$fb_file"
echo -e "${GREEN}Password feedback disabled.${NC}"
fi
else
if _confirm "Password Feedback" \
"Show asterisks when typing the sudo password?"; then
if echo 'Defaults pwfeedback' | sudo tee "$fb_file" > /dev/null 2>&1; then
echo -e "${GREEN}Password feedback enabled.${NC}"
else
echo -e "${RED}Failed to create $fb_file${NC}"
return 1
fi
fi
fi
}