#!/usr/bin/env bash # William Mantly # MIT License # https://github.com/wmantly/sudoers-add NEWLINE=$'\n' CONTENT="" ME="$(basename "$(test -L "$0" && readlink "$0" || echo "$0")")" if [ "$1" == "--help" ] || [ "$1" == "-h" ]; then echo "Usage: $ME [file_path] [sudoers-file-name]" echo "Usage: [content] | $ME sudoers-file-name" echo "This will take a sudoers config validate it and add it to /etc/sudoers.d/{sudoers-file-name}" echo "The config can come from a file, first usage example or piped in second example." exit 0 fi if [ "$1" == "" ]; then (>&2 echo "This command take at lest one argument. See $ME --help") exit 1 fi if [ "$2" == "" ]; then FILE_NAME=$1 shift else FILE_NAME=$2 fi if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi while read -r line do CONTENT+="${line}${NEWLINE}" done < "${1:-/dev/stdin}" if [ "$CONTENT" == "" ]; then (>&2 echo "No config content specified. See $ME --help") exit 1 fi if [ "$FILE_NAME" == "" ]; then (>&2 echo "No sudoers file name specified. See $ME --help") exit 1 fi # Verify that the resulting file name begins with /etc/sudoers.d FILE_NAME="$(realpath "/etc/sudoers.d/$FILE_NAME")" if [[ "$FILE_NAME" != "/etc/sudoers.d/"* ]] ; then echo -n "Invalid sudoers filename: Final sudoers file " echo "location ($FILE_NAME) does not begin with /etc/sudoers.d" exit 1 fi # Make a temp file to hold the sudoers config umask 077 TEMP_FILE=$(mktemp) echo "$CONTENT" > "$TEMP_FILE" # Make sure the content is valid visudo_STDOUT=$(visudo -c -f "$TEMP_FILE" 2>&1) visudo_code=$? # The temp file is no longer needed rm "$TEMP_FILE" if [ $visudo_code -eq 0 ]; then echo "$CONTENT" > "$FILE_NAME" chmod 0440 "$FILE_NAME" echo "The sudoers file $FILE_NAME has been successfully created!" exit 0 else echo "Invalid sudoers config!" echo "$visudo_STDOUT" exit 1 fi