From fa0597a8ed36e7cbdcbe8fbab4e3300c5b5850a0 Mon Sep 17 00:00:00 2001
From: Florian Wilhelm
Date: Tue, 12 Sep 2023 13:55:32 +0200
Subject: [PATCH] Create non-root user
---
 README.md | 4 ++--
 features/ostree/exec.late | 5 +++++
 .../systemd/system/serial-getty@.service.d/autologin.conf | 2 +-
 features/ostree/image.ostree.raw | 3 +++
 features/ostree/pkg.include | 1 +
 5 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index c3ff98c..84c48d4 100644
--- a/README.md
+++ b/README.md
@@ -17,11 +17,11 @@ Use the `bin/start-vm` script from [Garden Linux](https://github.com/gardenlinux
 Depending on your architecture, it should look like this:
 ```bash
-$ path/to/gardenlinux/bin/start-vm --no-watchdog .build/ostree-arm64-trixie-local.ostree.raw
+$ path/to/gardenlinux/bin/start-vm --no-watchdog .build/ostree-arm64-trixie*.ostree.raw
 ```
 ```bash
-$ path/to/gardenlinux/bin/start-vm --no-watchdog .build/ostree-amd64-trixie-local.ostree.raw
+$ path/to/gardenlinux/bin/start-vm --no-watchdog .build/ostree-amd64-trixie*.ostree.raw
 ```
 Check for the actual name of the image in the `.build` directory.
diff --git a/features/ostree/exec.late b/features/ostree/exec.late
index dce6cd5..4e89ba4 100755
--- a/features/ostree/exec.late
+++ b/features/ostree/exec.late
@@ -62,6 +62,11 @@ cp "/boot/initrd.img-$version" /usr/lib/modules/$version/initramfs.img
 # Build fails if we do this here instead of in image.ostree.raw
 # mv /etc /usr/etc
+useradd --user-group --home-dir /var/home/user --shell /usr/bin/bash user
+printf "user:user123!" | chpasswd
+echo "%sudo ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/nopasswd
+usermod -aG sudo user
+
 # Delete apt because this is an image-based system
 rm -f /etc/cron.daily/apt-compat
 rm -f /etc/logrotate.d/apt
diff --git a/features/ostree/file.include/etc/systemd/system/serial-getty@.service.d/autologin.conf b/features/ostree/file.include/etc/systemd/system/serial-getty@.service.d/autologin.conf
index 42e9ebd..7062620 100644
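Review bot: The sudoers drop-in written by `echo ... | tee /etc/sudoers.d/nopasswd` gets the build chroot's default umask rather than the root-owned 0440 mode sudo expects for files under sudoers.d, and it is never syntax-checked, so a mistake in the rule would only surface as a broken sudo on first boot. Write it as `printf '%%sudo ALL=(ALL) NOPASSWD:ALL\n' > /etc/sudoers.d/nopasswd`, `chmod 0440 /etc/sudoers.d/nopasswd` and `visudo -cf /etc/sudoers.d/nopasswd` so the build fails early instead. The literal `user:user123!` on the chpasswd line bakes one fixed credential, combined with passwordless sudo, into every image built from this feature; if the VM is only meant to be reached through the serial autologin, consider leaving the password locked (dropping the chpasswd line) or taking it from a build variable that the README documents. The enclosing script continues outside the hunk.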
--- a/features/ostree/file.include/etc/systemd/system/serial-getty@.service.d/autologin.conf
+++ b/features/ostree/file.include/etc/systemd/system/serial-getty@.service.d/autologin.conf
@@ -1,3 +1,3 @@
 [Service]
 ExecStart=
-ExecStart=-/sbin/agetty --autologin root -o '-p -f -- \\u' --keep-baud 115200,38400,9600 %I $TERM
+ExecStart=-/sbin/agetty --autologin user -o '-p -f -- \\u' --keep-baud 115200,38400,9600 %I $TERM
diff --git a/features/ostree/image.ostree.raw b/features/ostree/image.ostree.raw
index 7f84f77..036da10 100755
--- a/features/ostree/image.ostree.raw
+++ b/features/ostree/image.ostree.raw
@@ -32,10 +32,13 @@ boot_hash=`ls "$OSTREE_SYSROOT"/ostree/boot.1.1/gardenlinux/`
 mkdir -p "$OSTREE_SYSROOT"/ostree/boot.1.1/gardenlinux/$boot_hash/0/sysroot
 mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/home
+mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/home/user
 mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/roothome
 mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/opt
 mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/srv
+chown 1000:1000 "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/home/user
+
 # Build disk image, this is hacky as of now, needs rework
 # Setup bootloader
 boot_dir=$(mktemp -d)
diff --git a/features/ostree/pkg.include b/features/ostree/pkg.include
index 0e5a259..c8a1daf 100644
--- a/features/ostree/pkg.include
+++ b/features/ostree/pkg.include
@@ -9,6 +9,7 @@ network-manager
 ostree
 ostree-boot
 podman
+sudo
 systemd
 systemd-boot
 systemd-resolved
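Review bot: Switching the autologin target from root to `user` does not change what the serial console grants, because exec.late in the same commit puts `user` in the sudo group under a NOPASSWD rule; the drop-in should say so, since a reader of this file alone would take it for a hardening change. A one-line comment above the ExecStart line such as `# dev image: unauthenticated console login; 'user' has passwordless sudo (see features/ostree/exec.late)` would make the intent explicit.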
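Review bot: `chown 1000:1000` on the new home directory assumes the `user` account ends up with uid/gid 1000, but the `useradd` added in exec.late passes no `--uid`, so the two can silently diverge and the directory would then belong to a different or non-existent account. Pin the id on the useradd side (`useradd --uid 1000 --user-group ...`) or resolve it here from the deployed passwd file rather than hardcoding it. Since useradd runs without `-m`, this `mkdir -p`/`chown` pair is also the only place that sets the home directory's mode, and the default leaves it world-readable; `chmod 0700` (or `install -d -m 0700 -o 1000 -g 1000 ...`) would match the private-home default recent Debian releases apply. The enclosing script continues outside the hunk.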