From a9dbb15b3d7f33525f89409de5ec80dc76daaf76 Mon Sep 17 00:00:00 2001
From: Jay Faulkner <jay@jvf.cc>
Date: Mon, 25 Nov 2024 14:52:43 -0800
Subject: [PATCH] Followup: Ensure devuser-created dir has sane perms

If we create /etc/sudoers.d, we now ensure we set it to a sane set of
permissions.

Change-Id: I0dfe27007fec009d701118065f437577f0852d16
---
 diskimage_builder/elements/devuser/install.d/50-devuser | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/diskimage_builder/elements/devuser/install.d/50-devuser b/diskimage_builder/elements/devuser/install.d/50-devuser
index 8819b34cc..2e0b4ad2a 100755
--- a/diskimage_builder/elements/devuser/install.d/50-devuser
+++ b/diskimage_builder/elements/devuser/install.d/50-devuser
@@ -19,7 +19,11 @@ fi
 set -x
 
 if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]; then
-    mkdir -p /etc/sudoers.d/
+    if [ ! -d /etc/sudoers.d/ ]; then
+        mkdir -p /etc/sudoers.d/
+        chmod 0750 /etc/sudoers.d/
+        chown root:root /etc/sudoers.d/
+    fi
     cat > /etc/sudoers.d/${DIB_DEV_USER_USERNAME} << EOF
 ${DIB_DEV_USER_USERNAME} ALL=(ALL) NOPASSWD:ALL
 EOF