deflogin: added sudoers security note

/etc/sudoers is persistent with regard to userdel(8) so removing a LiveCD user isn't going to drop this kind of the added privilege and might result in an unintended grant of those by adding a user with the same name after permanent LiveCD installation. This has been spotted by Speccyfighter: https://bugzilla.altlinux.org/31071
2015-06-16 13:00:29 +03:00 · 2015-06-16 13:00:29 +03:00 · b44e602802
commit b44e602802
parent 0dfab0cede
1 changed files with 1 additions and 0 deletions
--- a/features.in/deflogin/rootfs/image-scripts.d/50-users
+++ b/features.in/deflogin/rootfs/image-scripts.d/50-users
@ -18,6 +18,7 @@ set_password() { echo "$1:$2" | chpasswd; }

 set_admin() { usermod -a --groups "wheel" "$1"; }

+# NB: one must care to purge this from LiveCD if it's installed permanently
 set_sudo() {
 	[ ! -w "/etc/sudoers" ] ||
 		echo "$1	ALL=(ALL) ALL" >> "/etc/sudoers"