v2.0.1
linux-temp-admin v2.0.1
A security & correctness patch for the v2 Go tool, from a multi-pass audit of the rewrite. No new features, and no command or flag changes — behavior is identical except for one stricter safety check in revoke (below). Upgrading is recommended.
What changed
- Safer revocation.
revokeno longer deletes a real (non-managed) account just because a leftover registry entry happens to share its name. Deleting a normal-UID (≥1000) account now requires the tool's own per-account marker, so a reused username can never cause a real user — and its home directory — to be removed. The "is this a managed account" check is now an exact match instead of a substring. - No lingering sudo after a failed grant. If a NOPASSWD sudo grant during
invitefails its verification step, the sudoers drop-in is always removed — a failed grant can never leave an untracked NOPASSWD entry behind. - Correct pre-release upgrade ordering.
upgradenow compares pre-release versions numerically (rc10is newer thanrc9), closing a gap that could otherwise accept a signed older pre-release or skip a genuine pre-release upgrade. (StableX.Y.Zreleases were always compared correctly.) - Stricter public-IP auto-detection. The external "what's my IP" fallback now rejects private / reserved / loopback addresses, so it can't put a bogus non-public address into an invite.
- Fail-closed hardening. The SSH-key write is refused if the target home directory's owner can't be determined;
installrefuses to replace an existing binary it can't read back unless--forceis passed.
Install
curl -fsSL https://raw.githubusercontent.com/xxvcc/linux-temp-admin/main/scripts/install.sh | sudo shThe installer downloads the release binary for your architecture over HTTPS and checks its SHA-256 against the published SHA256SUMS before installing.
Upgrade an existing install
sudo linux-temp-admin upgradeupgrade downloads the new binary over HTTPS and verifies its detached ed25519 signature against the release key embedded in the tool, failing closed on any mismatch — so it will only install this signed release.
Verify manually (optional)
sha256sum -c SHA256SUMS # checksums of the assets belowEach binary also ships a detached .sig (raw 64-byte ed25519 signature over the binary), which the tool verifies automatically during upgrade.
Assets
| file | notes |
|---|---|
linux-temp-admin-linux-amd64 |
x86-64 static binary |
linux-temp-admin-linux-arm64 |
arm64 static binary |
*.sig |
detached ed25519 signatures |
SHA256SUMS |
checksums for all of the above |
Full changelog: https://github.com/xxvcc/linux-temp-admin/blob/main/CHANGELOG.md