Make check for sudo privileges more accurate #375
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The existing method of checking if the Gravity Sync user has sudo rights is flawed, in that it will break if the user is not in the `sudo` group (on Debian based distros) or the `wheel` group (on CentOS/RHEL distros). A more accurate way of checking if a user has sudo privileges is using `sudo --validate` or `sudo -n true`; both of which return `0` if the user has sudo privileges. This commit updates the `validate_sudo_status` function to use `sudo --validate` so that Gravity Sync is actually checking if a user has sudo privileges, rather than just checking group memberships.
vmstan
added a commit
that referenced
this pull request
Jul 10, 2023
* Simple fix for podman to work; whitespace clean up (#396) * Fix set_pihole_exec to match full container names (#390) Fix set_pihole_exec to match full container names, rather than their substrings, by adding begin and end anchors to the 'docker ps -qf name=PATTERN' being used. Signed-off-by: William Blew <william@kulian.org> * Fix the detect_xxx_pihole routines. (#389) Fix the detect_xxx_pihole routines to respect the configurable PIHOLE_CONTAINER_IMAGE variable. The ghcr.io/pi-hole/pihole image is also released by the Pi-hole project, just as the pihole/pihole image. This commit enables ghcr.io image usage by adding the following to the /etc/gravity-sync.conf file: PIHOLE_CONTAINER_IMAGE='ghcr.io/pi-hole/pihole' Signed-off-by: William Blew <william@kulian.org> Co-authored-by: Michael Stanclift <mx@vmstan.com> * Make check for sudo privileges more accurate (#375) * Make check for sudo privileges more accurate The existing method of checking if the Gravity Sync user has sudo rights is flawed, in that it will break if the user is not in the `sudo` group (on Debian based distros) or the `wheel` group (on CentOS/RHEL distros). A more accurate way of checking if a user has sudo privileges is using `sudo --validate` or `sudo -n true`; both of which return `0` if the user has sudo privileges. This commit updates the `validate_sudo_status` function to use `sudo --validate` so that Gravity Sync is actually checking if a user has sudo privileges, rather than just checking group memberships. * Fix bug in patch --------- Co-authored-by: llamalump <29816026+llamalump@users.noreply.github.com> * Fix: GS_SSH_PORT can be changed now via 'gravity-sync config <NEW_PORT>' when already set in gravity-sync.conf. Fix: Initial sync of static DHCP and CNAME to 'empty pihole' now works. Enhancement: Various settings now settable via ENV vars (for Docker) (#384) * SSH custom port: Fixed bug, where GS_SSH_PORT is overwritten by gravity-sync.conf (if set) when calling 'gravity-sync config NEW_SSH_PORT'. Docker enhancements: Made many config-variables settable via ENV vars * Fixing initial push of CNAME and Static DHCP entries to an 'empty' remote (fixes #377) * Removing unecessary 'export' keyword * Fixed 'md5_recheck' for the bug #377 * Adding ENV documentation * Fixing typo * Fixed type and nicely formatted tables with emacs --------- Co-authored-by: Michael Stanclift <mx@vmstan.com> * Update VERSION * Update gravity-sync --------- Signed-off-by: William Blew <william@kulian.org> Co-authored-by: Matt Woodson <mwoodson@gmail.com> Co-authored-by: William Blew <william@kulian.org> Co-authored-by: Seb Thomson <29816026+rst-ack@users.noreply.github.com> Co-authored-by: llamalump <29816026+llamalump@users.noreply.github.com> Co-authored-by: Klaus Zipfel <30482165+systemofapwne@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The existing method of checking if the Gravity Sync user has sudo rights is flawed, in that it will break if the user is not in the
sudogroup (on Debian based distros) or thewheelgroup (on CentOS/RHEL distros).A more accurate way of checking if a user has sudo privileges is using
sudo --validateorsudo -n true; both of which return0if the user has sudo privileges.This commit updates the
validate_sudo_statusfunction to usesudo --validateso that Gravity Sync is actually checking if a user has sudo privileges, rather than just checking group memberships.