rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-02-26 20:54:21 +01:00
Code Issues Releases Activity

[bug] unable to run the setup script if sudoers belong to another group than sudo

Browse Source
This commit is contained in:
Sylvain 2021-03-24 09:47:22 +01:00
parent 1749dea0e2
commit 7001888437
2 changed files with 55 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -16,6 +16,7 @@
- Fix a bug: recurring availabilities are not restricted to subscribers - Fix a bug: recurring availabilities are not restricted to subscribers
- Fix a bug: accounting exports may ignore some invoices for the first and last days - Fix a bug: accounting exports may ignore some invoices for the first and last days
- Fix a bug: accounting export caching is not working - Fix a bug: accounting export caching is not working
- Fix a bug: unable to run the setup script if sudoers belong to another group than sudo
- Fix a security issue: updated elliptic to 6.5.4 to fix [CVE-2020-28498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498) - Fix a security issue: updated elliptic to 6.5.4 to fix [CVE-2020-28498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498)
- [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/nginx-packs-directive.sh | bash` - [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/nginx-packs-directive.sh | bash`
- [TODO DEPLOY] `rails db:seed` - [TODO DEPLOY] `rails db:seed`

64
setup/setup.sh
View File

@ -26,12 +26,16 @@ welcome_message()
system_requirements() system_requirements()
{ {
if [ "$(whoami)" = "root" ]; then if is_root; then
echo "It is not recommended to run this script as root. As a normal user, elevation will be prompted if needed." echo "It is not recommended to run this script as root. As a normal user, elevation will be prompted if needed."
read -rp "Continue anyway? (Y/n) " confirm </dev/tty read -rp "Continue anyway? (Y/n) " confirm </dev/tty
if [[ "$confirm" = "n" ]]; then exit 1; fi if [[ "$confirm" = "n" ]]; then exit 1; fi
else else
local _groups=("sudo" "docker") if [ "$(has_sudo)" = 'no_sudo' ]; then
echo "You are not allowed to sudo. Please add $(whoami) to the sudoers before continuing."
exit 1
fi
local _groups=("docker")
for _group in "${_groups[@]}"; do for _group in "${_groups[@]}"; do
echo -e "detecting group $_group for current user..." echo -e "detecting group $_group for current user..."
if ! groups | grep "$_group"; then if ! groups | grep "$_group"; then
@ -53,6 +57,46 @@ system_requirements()
printf "\e[92m[ ✔ ] All requirements successfully checked.\e[39m \n\n" printf "\e[92m[ ✔ ] All requirements successfully checked.\e[39m \n\n"
} }
is_root()
{
return $(id -u)
}
has_sudo()
{
local prompt
prompt=$(sudo -nv 2>&1)
if [ $? -eq 0 ]; then
echo "has_sudo__pass_set"
elif echo $prompt | grep -q '^sudo:'; then
echo "has_sudo__needs_pass"
else
echo "no_sudo"
fi
}
elevate_cmd()
{
local cmd=$@
HAS_SUDO=$(has_sudo)
case "$HAS_SUDO" in
has_sudo__pass_set)
sudo $cmd
;;
has_sudo__needs_pass)
echo "Please supply sudo password for the following command: sudo $cmd"
sudo $cmd
;;
*)
echo "Please supply root password for the following command: su -c \"$cmd\""
su -c "$cmd"
;;
esac
}
read_email() read_email()
{ {
local email local email
@ -113,8 +157,8 @@ prepare_files()
read -rp "Continue? (Y/n) " confirm </dev/tty read -rp "Continue? (Y/n) " confirm </dev/tty
if [[ "$confirm" = "n" ]]; then exit 1; fi if [[ "$confirm" = "n" ]]; then exit 1; fi
sudo mkdir -p "$FABMANAGER_PATH/config" elevate_cmd mkdir -p "$FABMANAGER_PATH/config"
sudo chown -R "$(whoami)" "$FABMANAGER_PATH" elevate_cmd chown -R "$(whoami)" "$FABMANAGER_PATH"
mkdir -p "$FABMANAGER_PATH/elasticsearch/config" mkdir -p "$FABMANAGER_PATH/elasticsearch/config"
@ -205,9 +249,9 @@ prepare_letsencrypt()
echo "Now downloading and configuring the certificate signing bot..." echo "Now downloading and configuring the certificate signing bot..."
docker pull certbot/certbot:latest docker pull certbot/certbot:latest
sed -i.bak "s:/apps/fabmanager:$FABMANAGER_PATH:g" "$FABMANAGER_PATH/letsencrypt/systemd/letsencrypt.service" sed -i.bak "s:/apps/fabmanager:$FABMANAGER_PATH:g" "$FABMANAGER_PATH/letsencrypt/systemd/letsencrypt.service"
sudo cp "$FABMANAGER_PATH/letsencrypt/systemd/letsencrypt.service" /etc/systemd/system/letsencrypt.service elevate_cmd cp "$FABMANAGER_PATH/letsencrypt/systemd/letsencrypt.service" /etc/systemd/system/letsencrypt.service
sudo cp "$FABMANAGER_PATH/letsencrypt/systemd/letsencrypt.timer" /etc/systemd/system/letsencrypt.timer elevate_cmd cp "$FABMANAGER_PATH/letsencrypt/systemd/letsencrypt.timer" /etc/systemd/system/letsencrypt.timer
sudo systemctl daemon-reload elevate_cmd systemctl daemon-reload
fi fi
} }
@ -330,14 +374,14 @@ enable_ssl()
{ {
if [ "$LETSENCRYPT" != "n" ]; then if [ "$LETSENCRYPT" != "n" ]; then
# generate certificate # generate certificate
sudo systemctl start letsencrypt.service elevate_cmd systemctl start letsencrypt.service
# serve http content over ssl # serve http content over ssl
mv "$FABMANAGER_PATH/config/nginx/fabmanager.conf" "$FABMANAGER_PATH/config/nginx/fabmanager.conf.nossl" mv "$FABMANAGER_PATH/config/nginx/fabmanager.conf" "$FABMANAGER_PATH/config/nginx/fabmanager.conf.nossl"
mv "$FABMANAGER_PATH/config/nginx/fabmanager.conf.ssl" "$FABMANAGER_PATH/config/nginx/fabmanager.conf" mv "$FABMANAGER_PATH/config/nginx/fabmanager.conf.ssl" "$FABMANAGER_PATH/config/nginx/fabmanager.conf"
stop stop
start start
sudo systemctl enable letsencrypt.timer elevate_cmd systemctl enable letsencrypt.timer
sudo systemctl start letsencrypt.timer elevate_cmd systemctl start letsencrypt.timer
fi fi
} }