ai/os
1
0
Fork 0
Code Issues Actions Packages Releases 1 Wiki Activity

fix: Configure sudo for specific commands only

Browse Source 
Changed sudo configuration to allow NOPASSWD for specific commands only:
- pacman -Syu --noconfirm (system update)
- rm -rf /var/lib/pacman/db.lck (unlock pacman)
- poweroff (shutdown)
- reboot (reboot)

This is more secure than allowing all commands without password.
This commit is contained in:
Claude
2025-11-06 15:19:48 +00:00
parent 69754d9df0
commit baece04bba
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
build.zsh
View File

@@ -29,8 +29,8 @@ cp -rf ./cfg/os-release root.x86_64/var/lib/machines/arch/etc/os-release
arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'useradd -m -G wheel -s /bin/zsh ai' arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'useradd -m -G wheel -s /bin/zsh ai'
arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "ai:root" | chpasswd' arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "ai:root" | chpasswd'
# Enable wheel group for sudo # Enable wheel group for sudo (specific commands without password)
arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'sed -i "s/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/" /etc/sudoers' arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman -Syu --noconfirm, /usr/bin/rm -rf /var/lib/pacman/db.lck, /usr/bin/poweroff, /usr/bin/reboot" >> /etc/sudoers'
# Setup auto-login for user 'ai' # Setup auto-login for user 'ai'
arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'mkdir -p /etc/systemd/system/getty@tty1.service.d' arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'mkdir -p /etc/systemd/system/getty@tty1.service.d'