extern/sshuttle
1
1
Fork 0
mirror of https://github.com/sshuttle/sshuttle.git synced 2025-02-16 18:32:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #648 from skuhl/sudoers-add-sanitize

Browse Source 
Fix #637: sudoers-add should always write to /etc/sudoers.d/...
This commit is contained in:
Brian May 2021-05-31 07:53:19 +10:00 committed by GitHub
commit 58c264ff1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
bin/sudoers-add
View File

@ -50,6 +50,14 @@ if [ "$FILE_NAME" == "" ]; then
exit 1 exit 1
fi fi
# Verify that the resulting file name begins with /etc/sudoers.d
FILE_NAME="$(realpath "/etc/sudoers.d/$FILE_NAME")"
if [[ "$FILE_NAME" != "/etc/sudoers.d/"* ]] ; then
echo -n "Invalid sudoers filename: Final sudoers file "
echo "location ($FILE_NAME) does not begin with /etc/sudoers.d"
exit 1
fi
# Make a temp file to hold the sudoers config # Make a temp file to hold the sudoers config
umask 077 umask 077
TEMP_FILE=$(mktemp) TEMP_FILE=$(mktemp)
@ -62,9 +70,9 @@ visudo_code=$?
rm "$TEMP_FILE" rm "$TEMP_FILE"
if [ $visudo_code -eq 0 ]; then if [ $visudo_code -eq 0 ]; then
echo "$CONTENT" > "/etc/sudoers.d/$FILE_NAME" echo "$CONTENT" > "$FILE_NAME"
chmod 0440 "/etc/sudoers.d/$FILE_NAME" chmod 0440 "$FILE_NAME"
echo "The sudoers file /etc/sudoers.d/$FILE_NAME has been successfully created!" echo "The sudoers file $FILE_NAME has been successfully created!"
exit 0 exit 0
else else