Skip to content

v2.0.1

Choose a tag to compare

@github-actions github-actions released this 08 Jul 08:26

linux-temp-admin v2.0.1

A security & correctness patch for the v2 Go tool, from a multi-pass audit of the rewrite. No new features, and no command or flag changes — behavior is identical except for one stricter safety check in revoke (below). Upgrading is recommended.

What changed

  • Safer revocation. revoke no longer deletes a real (non-managed) account just because a leftover registry entry happens to share its name. Deleting a normal-UID (≥1000) account now requires the tool's own per-account marker, so a reused username can never cause a real user — and its home directory — to be removed. The "is this a managed account" check is now an exact match instead of a substring.
  • No lingering sudo after a failed grant. If a NOPASSWD sudo grant during invite fails its verification step, the sudoers drop-in is always removed — a failed grant can never leave an untracked NOPASSWD entry behind.
  • Correct pre-release upgrade ordering. upgrade now compares pre-release versions numerically (rc10 is newer than rc9), closing a gap that could otherwise accept a signed older pre-release or skip a genuine pre-release upgrade. (Stable X.Y.Z releases were always compared correctly.)
  • Stricter public-IP auto-detection. The external "what's my IP" fallback now rejects private / reserved / loopback addresses, so it can't put a bogus non-public address into an invite.
  • Fail-closed hardening. The SSH-key write is refused if the target home directory's owner can't be determined; install refuses to replace an existing binary it can't read back unless --force is passed.

Install

curl -fsSL https://raw.githubusercontent.com/xxvcc/linux-temp-admin/main/scripts/install.sh | sudo sh

The installer downloads the release binary for your architecture over HTTPS and checks its SHA-256 against the published SHA256SUMS before installing.

Upgrade an existing install

sudo linux-temp-admin upgrade

upgrade downloads the new binary over HTTPS and verifies its detached ed25519 signature against the release key embedded in the tool, failing closed on any mismatch — so it will only install this signed release.

Verify manually (optional)

sha256sum -c SHA256SUMS                    # checksums of the assets below

Each binary also ships a detached .sig (raw 64-byte ed25519 signature over the binary), which the tool verifies automatically during upgrade.

Assets

file notes
linux-temp-admin-linux-amd64 x86-64 static binary
linux-temp-admin-linux-arm64 arm64 static binary
*.sig detached ed25519 signatures
SHA256SUMS checksums for all of the above

Full changelog: https://github.com/xxvcc/linux-temp-admin/blob/main/CHANGELOG.md