forked from extern/ohmyzsh
fix(installer): fix sudo
check for users with password or without privileges
The previous check only worked if the user could run `sudo` without typing the password, which is almost none (I checked in Google Cloud Shell so I failed to notice this). This new check works whether the user has no sudo privileges, or if it has, whether they have to type in the password or not. It should really be easier to check if the user doesn't have privilege without having to make them type the password.
This commit is contained in:
parent
b7a59e6d5c
commit
a0a949de56
@ -56,6 +56,28 @@ command_exists() {
|
||||
command -v "$@" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
user_can_sudo() {
|
||||
# The following command has 3 parts:
|
||||
#
|
||||
# 1. Run `sudo` with `-v`. Does the following:
|
||||
# • with privilege: asks for a password immediately.
|
||||
# • without privilege: exits with error code 1 and prints the message:
|
||||
# Sorry, user <username> may not run sudo on <hostname>
|
||||
#
|
||||
# 2. Pass `-S` to `sudo` to tell it to get the password from stdin
|
||||
# instead of from a tty, and pipe `true` to `sudo`, since it doesn't
|
||||
# output anything. This will make sudo exit with error code 1 and print
|
||||
# the message:
|
||||
# sudo: no password was provided
|
||||
#
|
||||
# 3. Check for the words "may not run sudo" in the output to really tell
|
||||
# whether the user has privileges or not. For that we have to make sure
|
||||
# to run `sudo` in the default locale (with `LANG=`) so that the message
|
||||
# stays consistent regardless of the user's locale.
|
||||
#
|
||||
true | LANG= sudo -v -S 2>&1 | grep -q "may not run sudo"
|
||||
}
|
||||
|
||||
# The [ -t 1 ] check only works when the function is not called from
|
||||
# a subshell (like in `$(...)` or `(...)`, so this hack redefines the
|
||||
# function at the top level to always return false when stdout is not
|
||||
@ -360,8 +382,16 @@ EOF
|
||||
|
||||
echo "Changing your shell to $zsh..."
|
||||
|
||||
# Check if user has sudo privileges and run `chsh` or `sudo chsh`
|
||||
if LANG= sudo -l -U "$USER" 2>/dev/null | grep -q "is not allowed to run"; then
|
||||
# Check if user has sudo privileges to run `chsh` with or without `sudo`
|
||||
#
|
||||
# This allows the call to succeed without password on systems where the
|
||||
# user does not have a password but does have sudo privileges, like in
|
||||
# Google Cloud Shell.
|
||||
#
|
||||
# On systems that don't have a user with passwordless sudo, the user will
|
||||
# be prompted for the password either way, so this shouldn't cause any issues.
|
||||
#
|
||||
if user_can_sudo; then
|
||||
chsh -s "$zsh" "$USER" # run chsh normally
|
||||
else
|
||||
sudo -k chsh -s "$zsh" "$USER" # -k forces the password prompt
|
||||
|
Loading…
Reference in New Issue
Block a user