From 85fa1ad8b10df65c28e18392044c037f606a3d7a Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Sun, 1 Dec 2024 12:22:14 +0400 Subject: [PATCH 01/11] added check for the root user and the wheel group --- client/core/controllers/serverController.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index b6795a01..dea1a40c 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -768,7 +768,7 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D const QString scriptData = amnezia::scriptData(SharedScriptType::check_user_in_sudo); ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr); - if (!stdOut.contains("sudo")) + if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel")) return ErrorCode::ServerUserNotInSudo; return error; From 076b076cd933f671e07f22b2b9fc91e55db79a16 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Sun, 1 Dec 2024 13:51:03 +0400 Subject: [PATCH 02/11] Verifying the server user to work with sudo (#1254) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * checking that the username is root Changing the mechanism for checking that the username is root * wheel group check (#1198) Checking if the user is included in the wheel group * Checking requirements in script (#1210) * Checking requirements in script Checking requirements for sudo users in script * Adding error handling Adding error handling in the server controller for: Sudo package is not pre-installed for sudo users. Server user or associated group is not listed in the sudoers file. Server user password required * adding error codes * added extended error descriptions * checking sudo permission for root Сhecking sudo permission for root. Сhecking and redefining the system language. * Username if whoami returns an error Сommand to use home directory name if whoami returns error or is missing. * Correcting text error Correction of the text of the extended description of the package manager error * Updating translations * Optimization check_user_in_sudo.sh * exceptions for missing uname * output only for groups sudo or wheel --- client/core/controllers/serverController.cpp | 10 ++++++---- client/core/defs.h | 3 +++ client/core/errorstrings.cpp | 7 +++++-- client/server_scripts/check_user_in_sudo.sh | 6 ++++-- client/server_scripts/prepare_host.sh | 2 +- client/translations/amneziavpn_ar_EG.ts | 6 +++--- client/translations/amneziavpn_fa_IR.ts | 8 ++++---- client/translations/amneziavpn_hi_IN.ts | 8 ++++---- client/translations/amneziavpn_my_MM.ts | 8 ++++---- client/translations/amneziavpn_ru_RU.ts | 6 +++--- client/translations/amneziavpn_uk_UA.ts | 8 ++++---- client/translations/amneziavpn_ur_PK.ts | 6 +++--- client/translations/amneziavpn_zh_CN.ts | 8 ++++---- 13 files changed, 48 insertions(+), 38 deletions(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index dea1a40c..17f02383 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -751,10 +751,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container) { - if (credentials.userName == "root") { - return ErrorCode::NoError; - } - QString stdOut; auto cbReadStdOut = [&](const QString &data, libssh::Client &) { stdOut += data + "\n"; @@ -770,6 +766,12 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel")) return ErrorCode::ServerUserNotInSudo; + if (stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found")) + return ErrorCode::SudoPackageIsNotPreinstalled; + if (stdOut.contains("sudoers")) + return ErrorCode::ServerUserNotAllowedInSudoers; + if (stdOut.contains("password is required")) + return ErrorCode::ServerUserPasswordRequired; return error; } diff --git a/client/core/defs.h b/client/core/defs.h index d00d347b..ea8e5b6d 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -56,6 +56,9 @@ namespace amnezia ServerCancelInstallation = 204, ServerUserNotInSudo = 205, ServerPacketManagerError = 206, + SudoPackageIsNotPreinstalled = 207, + ServerUserNotAllowedInSudoers = 208, + ServerUserPasswordRequired = 209, // Ssh connection errors SshRequestDeniedError = 300, diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 49534606..b5594d52 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -19,8 +19,11 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break; case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break; case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break; - case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break; - case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break; + case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break; + case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break; + case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break; + case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("The user is not allowed in sudoers"); break; + case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; // Libssh errors case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break; diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index e7ee953c..0f362394 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,2 +1,4 @@ -CUR_USER=$(whoami);\ -groups $CUR_USER \ No newline at end of file +CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ +echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\ +if [ "$CUR_USER" = "root" ]; then command -v sudo > /dev/null 2>&1 && sudo -nu $CUR_USER sudo -n uname > /dev/null;\ +else groups $CUR_USER | grep -E "\|\" && sudo -nu $CUR_USER sudo -n uname > /dev/null; fi diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh index c6defdb0..d06bdafb 100644 --- a/client/server_scripts/prepare_host.sh +++ b/client/server_scripts/prepare_host.sh @@ -1,4 +1,4 @@ -CUR_USER=$(whoami);\ +CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ sudo mkdir -p $DOCKERFILE_FOLDER;\ sudo chown $CUR_USER $DOCKERFILE_FOLDER;\ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \ diff --git a/client/translations/amneziavpn_ar_EG.ts b/client/translations/amneziavpn_ar_EG.ts index e176d8eb..7a092a74 100644 --- a/client/translations/amneziavpn_ar_EG.ts +++ b/client/translations/amneziavpn_ar_EG.ts @@ -3254,8 +3254,8 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - ليس لدي المستخدم الصلحيات لأستخدام sudo + The user is not a member of the sudo group + المستخدم ليس عضوًا في مجموعة sudo @@ -3319,7 +3319,7 @@ Already installed containers were found on the server. All installed containers - Server error: Packet manager error + Server error: Package manager error خطأ في الخادم: خطأ في مدير الحزم diff --git a/client/translations/amneziavpn_fa_IR.ts b/client/translations/amneziavpn_fa_IR.ts index 6cd78e77..80de1287 100644 --- a/client/translations/amneziavpn_fa_IR.ts +++ b/client/translations/amneziavpn_fa_IR.ts @@ -3388,8 +3388,8 @@ It's okay as long as it's from someone you trust. - The user does not have permission to use sudo - The user does not have permission to use sudo + The user is not a member of the sudo group + کاربر عضو گروه sudo نیست @@ -3510,8 +3510,8 @@ It's okay as long as it's from someone you trust. - Server error: Packet manager error - Server error: Packet manager error + Server error: Package manager error + خطای سرور: خطای مدیر بسته diff --git a/client/translations/amneziavpn_hi_IN.ts b/client/translations/amneziavpn_hi_IN.ts index ab459b7c..5255fce3 100644 --- a/client/translations/amneziavpn_hi_IN.ts +++ b/client/translations/amneziavpn_hi_IN.ts @@ -3354,13 +3354,13 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - उपयोगकर्ता के पास sudo का उपयोग करने की अनुमति नहीं है + The user is not a member of the sudo group + उपयोगकर्ता sudo समूह का सदस्य नहीं है - Server error: Packet manager error - सर्वर त्रुटि: पैकेट प्रबंधक त्रुटि + Server error: Package manager error + सर्वर त्रुटि: पैकेज प्रबंधक त्रुटि diff --git a/client/translations/amneziavpn_my_MM.ts b/client/translations/amneziavpn_my_MM.ts index 3e964cc9..101abae5 100644 --- a/client/translations/amneziavpn_my_MM.ts +++ b/client/translations/amneziavpn_my_MM.ts @@ -3250,8 +3250,8 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - ဤအသုံးပြုသူသည် sudo ကိုအသုံးပြုရန်ခွင့်ပြုချက်မရှိပါ + The user is not a member of the sudo group + ဤအသုံးပြုသူသည် sudo အဖွဲ့၏ အဖွဲ့ဝင်မဟုတ်ပါ @@ -3315,8 +3315,8 @@ Already installed containers were found on the server. All installed containers - Server error: Packet manager error - ဆာဗာ မှားယွင်းမှု: Packet Manager မှားယွင်းမှု + Server error: Package manager error + ဆာဗာ အမှား- Package manager အမှား diff --git a/client/translations/amneziavpn_ru_RU.ts b/client/translations/amneziavpn_ru_RU.ts index 2fb21259..085e868a 100644 --- a/client/translations/amneziavpn_ru_RU.ts +++ b/client/translations/amneziavpn_ru_RU.ts @@ -3524,12 +3524,12 @@ and will not be shared or disclosed to the Amnezia or any third parties - The user does not have permission to use sudo - У пользователя нет прав на использование sudo + The user is not a member of the sudo group + Пользователь не входит в группу sudo - Server error: Packet manager error + Server error: Package manager error Ошибка сервера: ошибка менеджера пакетов diff --git a/client/translations/amneziavpn_uk_UA.ts b/client/translations/amneziavpn_uk_UA.ts index c7195119..c0d3e439 100644 --- a/client/translations/amneziavpn_uk_UA.ts +++ b/client/translations/amneziavpn_uk_UA.ts @@ -3620,13 +3620,13 @@ and will not be shared or disclosed to the Amnezia or any third parties - The user does not have permission to use sudo - The user does not have permission to use sudo + The user is not a member of the sudo group + Користувач не входить до групи sudo - Server error: Packet manager error - + Server error: Package manager error + Помилка сервера: помилка менеджера пакетів diff --git a/client/translations/amneziavpn_ur_PK.ts b/client/translations/amneziavpn_ur_PK.ts index cf445bfa..93057609 100644 --- a/client/translations/amneziavpn_ur_PK.ts +++ b/client/translations/amneziavpn_ur_PK.ts @@ -3353,8 +3353,8 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - صارف کو sudo استعمال کرنے کی اجازت نہیں ہے + The user is not a member of the sudo group + صارف sudo گروپ کا رکن نہیں ہے @@ -3418,7 +3418,7 @@ Already installed containers were found on the server. All installed containers - Server error: Packet manager error + Server error: Package manager error سرور خطا: پیکیج منیجر خطا diff --git a/client/translations/amneziavpn_zh_CN.ts b/client/translations/amneziavpn_zh_CN.ts index 39b6bee0..0de2dace 100644 --- a/client/translations/amneziavpn_zh_CN.ts +++ b/client/translations/amneziavpn_zh_CN.ts @@ -3603,13 +3603,13 @@ and will not be shared or disclosed to the Amnezia or any third parties - The user does not have permission to use sudo - 用户没有root权限 + The user is not a member of the sudo group + 用户不是 sudo 组的成员 - Server error: Packet manager error - + Server error: Package manager error + 服务器错误:包管理器错误 From 62497024f96f93cc733d6db62d94de0a4fd7263f Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Sun, 8 Dec 2024 14:22:10 +0400 Subject: [PATCH 03/11] script simplification Simplifying the script for later adding an exception for root to the server controller --- client/server_scripts/check_user_in_sudo.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 0f362394..21b3cfab 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,4 +1,3 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\ -if [ "$CUR_USER" = "root" ]; then command -v sudo > /dev/null 2>&1 && sudo -nu $CUR_USER sudo -n uname > /dev/null;\ -else groups $CUR_USER | grep -E "\|\" && sudo -nu $CUR_USER sudo -n uname > /dev/null; fi +[ "$CUR_USER" = "root" ] || groups $CUR_USER | grep -E "\|\" && sudo -nu $CUR_USER sudo -n uname > /dev/null From 45fb4b0982fcd6265e76f0543e2d411cc11b0a59 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Sun, 8 Dec 2024 14:31:23 +0400 Subject: [PATCH 04/11] exception for root Exception for root if sudo package is not installed --- client/core/controllers/serverController.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index 17f02383..ba589da5 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -766,7 +766,7 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel")) return ErrorCode::ServerUserNotInSudo; - if (stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found")) + if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found")) return ErrorCode::SudoPackageIsNotPreinstalled; if (stdOut.contains("sudoers")) return ErrorCode::ServerUserNotAllowedInSudoers; From 2b85dafa1538b3805cf99c5466d322f5da5dc51d Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:31:19 +0400 Subject: [PATCH 05/11] =?UTF-8?q?=D1=81hanged=20extended=20description?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed extended description for: not allowed in sudoers. --- client/core/errorstrings.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index b5594d52..9c847501 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -22,7 +22,7 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break; case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break; case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break; - case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("The user is not allowed in sudoers"); break; + case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break; case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; // Libssh errors From 055c8f7b668a11df474e1fe6cbf2de738c0c58ff Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:51:55 +0400 Subject: [PATCH 06/11] splitting the sudo check script The sudo command check script is split to check permissions correctly --- client/server_scripts/check_user_in_sudo.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 21b3cfab..9bb57772 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,3 +1,3 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\ -[ "$CUR_USER" = "root" ] || groups $CUR_USER | grep -E "\|\" && sudo -nu $CUR_USER sudo -n uname > /dev/null +[ "$CUR_USER" = "root" ] || groups $CUR_USER | grep -E "\|\" && sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null From c9423dd9afc2eaf0bc509571793a5d9d28fc653f Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Mon, 9 Dec 2024 15:31:58 +0400 Subject: [PATCH 07/11] improved script readability --- client/server_scripts/check_user_in_sudo.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 9bb57772..7d748483 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,3 +1,5 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\ -[ "$CUR_USER" = "root" ] || groups $CUR_USER | grep -E "\|\" && sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null +if [ "$CUR_USER" = "root" ] || groups $CUR_USER | grep -E "\|\";\ +then sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null;\ +fi From ce4cb28e747ac63bb206900ebe9744a5edf571a2 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 10 Dec 2024 05:44:55 +0400 Subject: [PATCH 08/11] improved script readability --- client/server_scripts/check_user_in_sudo.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 7d748483..27a9772d 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,5 +1,5 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ -echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\ -if [ "$CUR_USER" = "root" ] || groups $CUR_USER | grep -E "\|\";\ -then sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null;\ +echo $LANG | grep -qE "^(en_US.UTF-8|C.UTF-8|C)$" || export LC_ALL=C;\ +if groups $CUR_USER | grep -E "\<(sudo|wheel)\>" || [ "$CUR_USER" = "root" ]; then \ + sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null;\ fi From 795ccaa08092f7150861491c38cdfc9bb23cbb22 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 10 Dec 2024 06:13:08 +0400 Subject: [PATCH 09/11] added timestamp removal for sudo --- client/server_scripts/check_user_in_sudo.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 27a9772d..23059ad5 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,5 +1,5 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ echo $LANG | grep -qE "^(en_US.UTF-8|C.UTF-8|C)$" || export LC_ALL=C;\ if groups $CUR_USER | grep -E "\<(sudo|wheel)\>" || [ "$CUR_USER" = "root" ]; then \ - sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null;\ + sudo -K && sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null;\ fi From 7b2a4ea9220444af574e588213d7e7b6f7e7168d Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 10 Dec 2024 20:14:29 +0400 Subject: [PATCH 10/11] improved script readability --- client/server_scripts/check_user_in_sudo.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 23059ad5..411c3b42 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,5 +1,5 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ -echo $LANG | grep -qE "^(en_US.UTF-8|C.UTF-8|C)$" || export LC_ALL=C;\ -if groups $CUR_USER | grep -E "\<(sudo|wheel)\>" || [ "$CUR_USER" = "root" ]; then \ +echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\ +if [ "$CUR_USER" = "root" ] || ( groups "$CUR_USER" | grep -E '\<(sudo|wheel)\>' ); then \ sudo -K && sudo -nu $CUR_USER uname > /dev/null && sudo -n uname > /dev/null;\ fi From db83555a0324b66af18e178fecb475f1670d7579 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Thu, 16 Jan 2025 01:14:42 +0400 Subject: [PATCH 11/11] Checking server user permissions to use sudo Checking server user permissions to use sudo using a package manager. --- client/server_scripts/check_user_in_sudo.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index e7ee953c..a1413942 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,2 +1,11 @@ -CUR_USER=$(whoami);\ -groups $CUR_USER \ No newline at end of file +if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\ +elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\ +elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\ +elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\ +else pm="uname"; opt="-a";\ +fi;\ +CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\ +echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\ +if [ "$CUR_USER" = "root" ] || ( groups "$CUR_USER" | grep -E '\<(sudo|wheel)\>' ); then \ + sudo -K && sudo -nu $CUR_USER $pm $opt > /dev/null && sudo -n $pm $opt > /dev/null;\ +fi