This commit contains a new chroot hook file. The hook, upon execution by live-build, will add a function 'su' to '/etc/bash.bashrc'. The function 'su' is supposed to intercept calls to 'su' and take these steps:
1. Ask the user to set the administration password, if not already set. 2. Ask the user to use sudo instead of su. --- .../51-replace_su_with_sudo | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100755 config/chroot_local-hooks/51-replace_su_with_sudo diff --git a/config/chroot_local-hooks/51-replace_su_with_sudo b/config/chroot_local-hooks/51-replace_su_with_sudo new file mode 100755 index 0000000000..c75b11b727 --- /dev/null +++ b/config/chroot_local-hooks/51-replace_su_with_sudo @@ -0,0 +1,30 @@ +#!/bin/sh + +set -e + +# Replace su by a message to use sudo +# https://redmine.tails.boum.org/code/issues/15583 + +echo "Disabling usage of su" + +OPTS_FILE='/etc/bash.bashrc' +NO_PASSWORD_LECTURE_FILE='/etc/sudoers.d/tails-greeter-no-password-lecture' + +cat <<EOF>> "${OPTS_FILE}" +su (){ + if [ -f "${NO_PASSWORD_LECTURE_FILE}" ]; then + echo By default, the administration password is disabled for better security. + echo + echo In order to perform administration tasks, you need to setup an + echo administration password when starting Tails. + echo + echo Then execute commands with sudo. + echo + echo See the corresponding documentation: + echo https://tails.boum.org/administration_password/ + echo + fi + + echo su is disabled. Please use sudo instead. +} +EOF -- 2.19.1 _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
