v2.1.0
linux-temp-admin v2.1.0
Adds an operation audit log and deprecates the legacy v1 bash tool. Recommended upgrade; no breaking changes.
New: operation audit log
Every privileged operation the tool performs is now recorded as one JSON line in a root-owned, append-only log at /var/log/linux-temp-admin/audit.log (mode 0600):
- account create / delete (and stale-entry cleanup), and install / uninstall / upgrade
- each entry records the time (UTC), the operator (the user behind
sudo, plus the effective uid), the pid, the action, the target account, the result, and key parameters (host, sudo, auto-revoke, fingerprint, …)
{"time":"2026-07-08T09:35:18Z","pid":1234,"actor":"alice","uid":0,"action":"account.create","target":"xxvcc-a1b2c3","result":"ok","fields":{"host":"203.0.113.5","sudo":"yes","auto":"yes","registered":"yes"}}Logging is best-effort — a write failure is reported but never blocks or fails the operation itself (so a full disk can't stop you revoking a compromised account). Note: an on-host log can be altered by root; forward it to a remote collector if you need tamper-evidence.
v1 (bash) tool deprecated
temp-admin.sh is no longer maintained. It still runs, but now prints a deprecation notice at startup pointing to the v2 Go tool. Suppress it with LTA_SUPPRESS_DEPRECATION=1. No further features or fixes will land in v1.
Upgrade an existing install
sudo linux-temp-admin upgradeVerifies the detached ed25519 signature against the embedded release key before installing (fail-closed).
Fresh install
curl -fsSL https://raw.githubusercontent.com/xxvcc/linux-temp-admin/main/scripts/install.sh | sudo shVerify manually (optional)
sha256sum -c SHA256SUMSFull changelog: https://github.com/xxvcc/linux-temp-admin/blob/main/CHANGELOG.md