From 48e160243303918bfffa1c641cd5e054e631ef40 Mon Sep 17 00:00:00 2001 From: lgromero Date: Mon, 22 Sep 2025 13:06:06 +0200 Subject: [PATCH] refs #2789 replace ogboot sudoers to a unique sudoers and adds necessary ogboot commands --- etc/ogboot.sudoers | 55 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/etc/ogboot.sudoers b/etc/ogboot.sudoers index a14d03e..0f86306 100644 --- a/etc/ogboot.sudoers +++ b/etc/ogboot.sudoers @@ -1,3 +1,52 @@ -opengnsys ALL=(ALL) NOPASSWD: /opt/bin/oglivecli -opengnsys ALL=(root) NOPASSWD: /usr/bin/chmod, /usr/bin/chown, /usr/bin/md5sum, /usr/bin/smbpasswd, /usr/bin/cat, /usr/bin/tee, /usr/bin/sed, /usr/bin/gzip, /usr/bin/lz4, /usr/bin/cpio, /usr/bin/find, /bin/tee, /usr/bin/dd, /usr/bin/mkfs.ext4, /usr/bin/rsync -opengnsys ALL=(root) NOPASSWD: __OGBOOT_TARGET__/lib/*.iso /mnt \ No newline at end of file +# Variables para facilitar la lectura +Cmnd_Alias MOUNT_RECOVERY = \ + /usr/bin/mkdir -p /mnt/recovery, \ + /usr/bin/mount /dev/* /mnt/recovery, \ + /usr/bin/mount --bind /dev /mnt/recovery/dev, \ + /usr/bin/mount --bind /proc /mnt/recovery/proc, \ + /usr/bin/mount --bind /sys /mnt/recovery/sys, \ + /usr/bin/umount /mnt/recovery/dev, \ + /usr/bin/umount /mnt/recovery/proc, \ + /usr/bin/umount /mnt/recovery/sys, \ + /usr/bin/umount -l /mnt/recovery + + +Cmnd_Alias OGBOOT = \ + /opt/bin/oglivecli, \ + /usr/bin/chmod, \ + /usr/bin/chown, \ + /usr/bin/md5sum, \ + /usr/bin/smbpasswd, \ + /usr/bin/cat, \ + /usr/bin/tee, \ + /usr/bin/sed, \ + /usr/bin/gzip, \ + /usr/bin/lz4, \ + /usr/bin/cpio, \ + /usr/bin/find, \ + /bin/tee, \ + /usr/bin/dd, \ + /usr/bin/mkfs.ext4, \ + /usr/bin/rsync, \ + /opt/opengnsys/ogboot/lib/*.iso /mnt + + +Cmnd_Alias CHROOT_GRUB = \ + /usr/sbin/chroot /mnt/recovery /usr/sbin/grub-install --target=i386-pc *, \ + /usr/sbin/chroot /mnt/recovery /usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg + +Cmnd_Alias LOOP_KPARTX = \ + /usr/sbin/losetup -d *, \ + /usr/sbin/kpartx -av /opt/opengnsys/ogrepository/images_virtual/*, \ + /usr/sbin/kpartx -d /opt/opengnsys/ogrepository/images_virtual/*, \ + /usr/sbin/blkid /dev/mapper/* + +Cmnd_Alias KILL_BT = \ + /usr/bin/pkill -9 btlaunchmany, \ + /usr/bin/pkill -9 bttrack, \ + /usr/bin/kill -9 * + +Cmnd_Alias PYTHON_OGREPO = /usr/bin/python3 /opt/opengnsys/ogrepository/bin/* + +# Permitir al usuario opengnsys ejecutar estos comandos sin contraseƱa +opengnsys ALL=(root) NOPASSWD: MOUNT_RECOVERY, CHROOT_GRUB, LOOP_KPARTX, OGBOOT, KILL_BT, PYTHON_OGREPO