aws: Create "setup" user to run setup
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 10 Jul 2018 17:32:20 +0000 (18:32 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 10 Jul 2018 17:40:06 +0000 (18:40 +0100)
Amazon does not permit a user to log in as root directly.
Instead they insist on using sudo.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/common/setup
src/initscripts/helper/aws-setup
src/setup/Makefile.am
src/setup/run-setup [new file with mode: 0644]
src/setup/sudo/setup [new file with mode: 0644]

index c5bd361a554f7b574620517598ef409a65879daa..5da99c1cf8dd9d24550e10dd69274075ee2da578 100644 (file)
@@ -1,4 +1,6 @@
+etc/sudoers.d/setup
 usr/bin/probenic.sh
+usr/bin/run-setup
 usr/sbin/setup
 usr/share/locale/ar/LC_MESSAGES/setup.mo
 usr/share/locale/ca/LC_MESSAGES/setup.mo
index f4ec45d902d14271b8322c62278f993027b954f1..0ae727c3ff8ea7217cee72e1026979dd4fd37035 100644 (file)
@@ -84,19 +84,27 @@ import_aws_configuration() {
                echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
        fi
 
-       # Import SSH keys
-       local line
-       for line in $(get "public-keys/"); do
-               local key_no="${line%=*}"
-
-               local key="$(get public-keys/${key_no}/openssh-key)"
-               if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
-                       mkdir -p /root/.ssh
-                       chmod 700 /root/.ssh
+       # Create setup user
+       if ! getent passwd setup &>/dev/null; then
+               useradd -r setup -s /usr/bin/run-setup -g nobody -m
+       fi
 
-                       echo "${key}" >> /root/.ssh/authorized_keys
-                       chmod 600 /root/.ssh/authorized_keys
-               fi
+       # Import SSH keys
+       local user
+       for user in /root /home/setup; do
+               local line
+               for line in $(get "public-keys/"); do
+                       local key_no="${line%=*}"
+
+                       local key="$(get public-keys/${key_no}/openssh-key)"
+                       if [ -n "${key}" ] && ! grep -q "^${key}$" "${user}/.ssh/authorized_keys" 2>/dev/null; then
+                               mkdir -p "${user}/.ssh"
+                               chmod 700 "${user}/.ssh"
+
+                               echo "${key}" >> "${user}/.ssh/authorized_keys"
+                               chmod 600 "${user}/.ssh/authorized_keys"
+                       fi
+               done
        done
 
        # Import any DNS server settings
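Review bot: The outer key-import loop hard-codes `/home/setup` while the `useradd` call above it leaves the home directory to the system useradd defaults, so if the configured base directory is not /home the keys are written outside the account's actual home and the `setup` login never works; pin the path with `useradd -r setup -d /home/setup -s /usr/bin/run-setup -g nobody -m`. Because the loop runs as root, `/home/setup/.ssh` and its `authorized_keys` are created owned by root rather than by `setup`; sshd's StrictModes accepts root-owned files, so this works, but a `chown -R setup: "${user}/.ssh"` after the write would keep the account self-contained — confirm which ownership is intended. The new account also gets `nobody` as its primary group, which it then shares with other unprivileged services; a dedicated group would be the least-privilege choice if the image provides one. import_aws_configuration() starts before and continues after this hunk.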
index 0ead631954c760c38b2e99c66b81fe52f33d8b73..b06d20bf16fdabef4b8c7ce962346aa1b2f1a686 100644 (file)
@@ -25,11 +25,16 @@ AM_CFLAGS = $(OUR_CFLAGS)
 AM_CXXFLAGS = $(OUR_CXXFLAGS)
 AM_LDFLAGS = $(OUR_LDFLAGS)
 
+sudodir = /etc/sudoers.d
+
 bin_SCRIPTS =
 sbin_PROGRAMS =
 
 #- setup -----------------------------------------------------------------------
 
+bin_SCRIPTS += \
+       run-setup
+
 sbin_PROGRAMS += \
        setup
 
@@ -56,3 +61,6 @@ setup_LDADD = \
 
 bin_SCRIPTS += \
        probenic.sh
+
+sudo_DATA = \
+       sudo/setup
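Review bot: `sudo_DATA` installs `sudo/setup` through automake's `INSTALL_DATA`, which uses mode 0644, whereas sudo expects fragments under /etc/sudoers.d to be root-owned and mode 0440 and rejects a fragment that is more permissive, so the NOPASSWD rule may never take effect on the built image unless a later packaging step fixes the mode. Add an install hook that tightens it, `install-data-hook:` followed by `chmod 0440 $(DESTDIR)$(sudodir)/setup`, or install the file with an explicit `$(INSTALL) -m 0440`. Worth confirming the final mode of /etc/sudoers.d/setup in the produced image either way.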
diff --git a/src/setup/run-setup b/src/setup/run-setup
new file mode 100644 (file)
index 0000000..07b04cf
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Runs setup and tries to gain root privileges
+exec sudo setup
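Review bot: `exec sudo setup` resolves `setup` through the environment's PATH, while the sudoers rule permits only `/usr/sbin/setup`; when this script runs as the login shell of the `setup` account the PATH comes from sshd's default environment, and if /usr/sbin is not on it sudo reports the command as not found instead of running it. Invoke the binary by its absolute path, `exec sudo /usr/sbin/setup`, so the command string matches the rule regardless of PATH (sudo's secure_path may already cover this, but the explicit path removes the dependency). Since this script is the account's login shell, any arguments sshd passes to it (for example `-c cmd` when a command is given on the ssh command line) are silently dropped; that is the desired behaviour here but deserves a comment such as `# Arguments passed by sshd are intentionally ignored; this account can only run setup`.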
diff --git a/src/setup/sudo/setup b/src/setup/sudo/setup
new file mode 100644 (file)
index 0000000..a3bbd7b
--- /dev/null
@@ -0,0 +1,2 @@
+# The setup is allowed to run the setup command
+setup ALL=(ALL) NOPASSWD: /usr/sbin/setup
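Review bot: The runas list `(ALL)` lets the `setup` account run /usr/sbin/setup as any user, not only root, which is broader than the use case described in the commit message; narrow it to `setup ALL=(root) NOPASSWD: /usr/sbin/setup`. A command spec without arguments also matches any argument list, so the rule permits arbitrary options to /usr/sbin/setup; if setup should only ever be started bare, `/usr/sbin/setup ""` pins it to no arguments. The comment on the first line reads `# The setup is allowed`; it should say `# The setup user is allowed to run the setup command`.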