aws: Create "setup" user to run setup

Amazon does not permit that a user logs in as root directly. Instead they insist on using sudo. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-20 07:53:01 +02:00 · 2018-07-10 18:32:20 +01:00
parent 9aefd1ed07
commit 1413006b5b
5 changed files with 34 additions and 10 deletions
--- a/config/rootfiles/common/setup
+++ b/config/rootfiles/common/setup
@@ -1,4 +1,6 @@
+etc/sudoers.d/setup
 usr/bin/probenic.sh
+usr/bin/run-setup
 usr/sbin/setup
 usr/share/locale/ar/LC_MESSAGES/setup.mo
 usr/share/locale/ca/LC_MESSAGES/setup.mo
--- a/src/initscripts/helper/aws-setup
+++ b/src/initscripts/helper/aws-setup
@@ -84,19 +84,27 @@ import_aws_configuration() {
 		echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
 	fi

+	# Create setup user
+	if ! getent passwd setup &>/dev/null; then
+		useradd -r setup -s /usr/bin/run-setup -g nobody -m
+	fi
+
 	# Import SSH keys
-	local line
-	for line in $(get "public-keys/"); do
-		local key_no="${line%=*}"
+	local user
+	for user in /root /home/setup; do
+		local line
+		for line in $(get "public-keys/"); do
+			local key_no="${line%=*}"

-		local key="$(get public-keys/${key_no}/openssh-key)"
-		if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
-			mkdir -p /root/.ssh
-			chmod 700 /root/.ssh
+			local key="$(get public-keys/${key_no}/openssh-key)"
+			if [ -n "${key}" ] && ! grep -q "^${key}$" "${user}/.ssh/authorized_keys" 2>/dev/null; then
+				mkdir -p "${user}/.ssh"
+				chmod 700 "${user}/.ssh"

-			echo "${key}" >> /root/.ssh/authorized_keys
-			chmod 600 /root/.ssh/authorized_keys
-		fi
+				echo "${key}" >> "${user}/.ssh/authorized_keys"
+				chmod 600 "${user}/.ssh/authorized_keys"
+			fi
+		done
 	done

 	# Import any DNS server settings
--- a/src/setup/Makefile.am
+++ b/src/setup/Makefile.am
@@ -25,11 +25,16 @@ AM_CFLAGS = $(OUR_CFLAGS)
 AM_CXXFLAGS = $(OUR_CXXFLAGS)
 AM_LDFLAGS = $(OUR_LDFLAGS)

+sudodir = /etc/sudoers.d
+
 bin_SCRIPTS =
 sbin_PROGRAMS =

 #- setup -----------------------------------------------------------------------

+bin_SCRIPTS += \
+	run-setup
+
 sbin_PROGRAMS += \
 	setup

@@ -56,3 +61,6 @@ setup_LDADD = \

 bin_SCRIPTS += \
 	probenic.sh
+
+sudo_DATA = \
+	sudo/setup
--- a/src/setup/run-setup
+++ b/src/setup/run-setup
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Runs setup and tries to gain root privileges
+exec sudo setup
--- a/src/setup/sudo/setup
+++ b/src/setup/sudo/setup
@@ -0,0 +1,2 @@
+# The setup is allowed to run the setup command
+setup ALL=(ALL) NOPASSWD: /usr/sbin/setup