'[Tails-dev] [PATCH] Disable usage of su and ask the user to use sudo instead (refs:15583)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tails-dev
Subject:    [Tails-dev] [PATCH] Disable usage of su and ask the user to use sudo instead (refs:15583)
From:       Faisal Mehmood <f.m3hm00d () gmail ! com>
Date:       2018-11-28 17:23:26
Message-ID: 20181128172326.GA32107 () Fulcrum
[Download RAW message or body]

This commit contains a new chroot hook file. The hook, upon execution by
live-build, will add a function 'su' to '/etc/bash.bashrc'. The
function 'su' is supposed to intercept calls to 'su' and take these
steps:

1. Ask the user to set the administration password, if not already
set.
2. Ask the user to use sudo instead of su.
---
 .../51-replace_su_with_sudo                   | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100755 config/chroot_local-hooks/51-replace_su_with_sudo

diff --git a/config/chroot_local-hooks/51-replace_su_with_sudo \
b/config/chroot_local-hooks/51-replace_su_with_sudo new file mode 100755
index 0000000000..c75b11b727
--- /dev/null
+++ b/config/chroot_local-hooks/51-replace_su_with_sudo
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+# Replace su by a message to use sudo
+# https://redmine.tails.boum.org/code/issues/15583
+
+echo "Disabling usage of su"
+
+OPTS_FILE='/etc/bash.bashrc'
+NO_PASSWORD_LECTURE_FILE='/etc/sudoers.d/tails-greeter-no-password-lecture'
+
+cat <<EOF>> "${OPTS_FILE}"
+su (){
+    if [ -f "${NO_PASSWORD_LECTURE_FILE}" ]; then
+        echo By default, the administration password is disabled for better \
security. +        echo
+        echo In order to perform administration tasks, you need to setup an
+        echo administration password when starting Tails.
+        echo
+        echo Then execute commands with sudo.
+        echo
+        echo See the corresponding documentation:
+        echo https://tails.boum.org/administration_password/
+        echo
+    fi
+
+    echo su is disabled. Please use sudo instead.
+}
+EOF
-- 
2.19.1

_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@boum.org.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic