
create a dedicated system user with sudo permissions

keoma 6 years ago
parent
commit
5de8193998
4 changed files with 35 additions and 5 deletions
  1. 12 0
      conf/sudoers.conf
  2. 18 4
      scripts/install
  3. 4 0
      scripts/remove
  4. 1 1
      sources/controller.php

+ 12 - 0
conf/sudoers.conf

@@ -0,0 +1,12 @@
+Cmnd_Alias HOTSPOT_YUNOHOST = /usr/bin/yunohost app info hotspot *,\
+                              /usr/bin/yunohost app setting hotspot *,\
+                              /usr/bin/yunohost app setting vpnclient *
+
+Cmnd_Alias HOTSPOT_SERVICE  = /bin/systemctl stop ynh-hotspot,\
+                              /bin/systemctl start ynh-hotspot
+
+Cmnd_Alias HOTSPOT_MISC     = /usr/local/bin/ynh-hotspot *,\
+                              /usr/local/bin/iw_devices *,\
+                              /usr/local/bin/iw_multissid *
+
+__HOTSPOT_SYSUSER__ ALL = NOPASSWD: /bin/grep, HOTSPOT_YUNOHOST, HOTSPOT_SERVICE, HOTSPOT_MISC
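Review bot: The `NOPASSWD: /bin/grep` entry on the last line carries no argument restriction, so the web-facing system user can run grep as root against any file on the host, which amounts to an unrestricted root-level file read; the `*` wildcards in HOTSPOT_YUNOHOST likewise accept any trailing arguments, including ones that write a setting rather than read it, if the `yunohost app setting` command supports such flags. The grant should be narrowed to the exact invocation the PHP controller needs, e.g. `/bin/grep [FLAGS-USED] PATTERN-USED /PATH-READ-BY-CONTROLLER` with the real values taken from controller.php (the values are not visible in this commit), or that read should be moved into a small helper under `/usr/local/bin/` alongside the HOTSPOT_MISC entries so the sudoers line names a fixed command. A short header comment stating which controller functions rely on each alias would make future audits of this file much easier.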

+ 18 - 4
scripts/install

@@ -45,6 +45,7 @@ wifi_passphrase=$YNH_APP_ARG_WIFI_PASSPHRASE
 firmware_nonfree=$YNH_APP_ARG_FIRMWARE_NONFREE
 
 app=$YNH_APP_INSTANCE_NAME
+sysuser="${app}"
 
 # the service name must match the service template files
 service_name='ynh-hotspot'
@@ -197,6 +198,19 @@ ynh_app_setting_set $app ip4_nat_prefix 10.0.242
 ynh_app_setting_set $app vpnclient no
 ynh_app_setting_set $app service_name $service_name
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+
+# Ensure the app has its own system user
+if ! ynh_system_user_exists ${sysuser}
+then
+  ynh_system_user_create ${sysuser}
+fi
+
+# Ensure the system user has enough sudo permissions
+install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
+ynh_replace_string "__HOTSPOT_SYSUSER__" "${sysuser}" /etc/sudoers.d/${app}_ynh
 
 #=================================================
 # INSTALL CUSTOM SCRIPTS
@@ -246,10 +260,10 @@ sed 's|<TPL:NGINX_REALPATH>|/var/www/wifiadmin/|g' -i "/etc/nginx/conf.d/${domai
 sed 's|<TPL:PHP_NAME>|wifiadmin|g' -i "/etc/nginx/conf.d/${domain}.d/wifiadmin.conf"
 
 ## php-fpm
-sed 's|<TPL:PHP_NAME>|wifiadmin|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
-sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
-sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
-sed 's|<TPL:NGINX_REALPATH>|/var/www/wifiadmin/|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
+sed "s|<TPL:PHP_NAME>|wifiadmin|g" -i /etc/php5/fpm/pool.d/wifiadmin.conf
+sed "s|<TPL:PHP_USER>|${sysuser}|g" -i /etc/php5/fpm/pool.d/wifiadmin.conf
+sed "s|<TPL:PHP_GROUP>|${sysuser}|g" -i /etc/php5/fpm/pool.d/wifiadmin.conf
+sed "s|<TPL:NGINX_REALPATH>|/var/www/wifiadmin/|g" -i /etc/php5/fpm/pool.d/wifiadmin.conf
 
 # Fix sources
 sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i /var/www/wifiadmin/config.php
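Review bot: In the CREATE DEDICATED USER hunk the sudoers file is installed into `/etc/sudoers.d/` first and only then edited in place by `ynh_replace_string`, with no syntax check anywhere; a bad substitution or a sudoers.d file that fails to parse disables sudo for every account on the host, not just this app. Do the substitution on the staged copy, validate it, and install last: `ynh_replace_string "__HOTSPOT_SYSUSER__" "${sysuser}" ../conf/sudoers.conf`, `visudo -cf ../conf/sudoers.conf`, then `install -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh`. The `${sysuser}` expansions in the `ynh_system_user_exists`/`ynh_system_user_create` calls should be quoted for consistency with the rest of the script. The php-fpm hunk sets `<TPL:PHP_GROUP>` to `${sysuser}` as well, which presumably relies on `ynh_system_user_create` creating a same-named group; worth confirming against that helper.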

+ 4 - 0
scripts/remove

@@ -58,6 +58,7 @@ for FILE in $(ls /etc/hostapd/hostapd.conf{.tpl?,})
 do
     ynh_secure_remove "$FILE"
 done
+ynh_secure_remove /etc/sudoers.d/hotspot_ynh
 
 # Remove packages
 if [[ $firmware_nonfree == yes ]]; then
@@ -79,3 +80,6 @@ systemctl reload nginx
 
 # Remove sources
 ynh_secure_remove /var/www/wifiadmin/
+
+# Remove user
+ynh_system_user_delete ${app}
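Review bot: The new `ynh_secure_remove /etc/sudoers.d/hotspot_ynh` line uses a hard-coded file name, while the install script writes the file as `/etc/sudoers.d/${app}_ynh`; for any instance name other than `hotspot` the removal leaves the sudo grant on disk after the user it names has been deleted, and that entry would apply to any account later created with the same name. It should be `ynh_secure_remove /etc/sudoers.d/${app}_ynh` to mirror the install script. The enclosing `for` loop in the first hunk starts outside the hunk.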

+ 1 - 1
sources/controller.php

@@ -47,7 +47,7 @@ function service_status() {
 }
 
 function service_faststatus() {
-  exec('sudo systemctl is-active hostapd', $output, $retcode);
+  exec('systemctl is-active hostapd', $output, $retcode);
 
   return $retcode;
 }
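Review bot: The reason for dropping `sudo` from the `systemctl is-active hostapd` call in service_faststatus is not recorded, and the sudoers file added in this commit does not allow that command either, so a future reader may be tempted to re-add sudo and break the call. A one-line comment above the `exec()` would settle it: `// is-active is a read-only query that needs no privileges, so it runs without sudo and is deliberately absent from the app's sudoers allow-list`. The function's return value is the command's exit status, so a non-zero result means "not active" rather than an error; stating that in a docblock would help callers.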