Followup: Ensure devuser-created dir has sane perms

If we create /etc/sudoers.d, we now ensure we set it to a sane set of permissions. Change-Id: I0dfe27007fec009d701118065f437577f0852d16
2024-11-25 14:52:43 -08:00 · 2024-11-25 14:52:43 -08:00 · a9dbb15b3d
commit a9dbb15b3d
parent f831b3d0b6
1 changed files with 5 additions and 1 deletions
--- a/diskimage_builder/elements/devuser/install.d/50-devuser
+++ b/diskimage_builder/elements/devuser/install.d/50-devuser
@ -19,7 +19,11 @@ fi
 set -x

 if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]; then
-    mkdir -p /etc/sudoers.d/
+    if [ ! -d /etc/sudoers.d/ ]; then
+        mkdir -p /etc/sudoers.d/
+        chmod 0750 /etc/sudoers.d/
+        chown root:root /etc/sudoers.d/
+    fi
    cat > /etc/sudoers.d/${DIB_DEV_USER_USERNAME} << EOF
 ${DIB_DEV_USER_USERNAME} ALL=(ALL) NOPASSWD:ALL
 EOF