author | Brian May <brian@linuxpenguins.xyz> | 2021-05-31 07:53:19 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-31 07:53:19 +1000 |
commit | 58c264ff1c28ca2f780c86ba79ba58cd21050617 (patch) | |
tree | ceed6d2aafcf7158b9ac5b586fa30b91ac106d43 | |
parent | 1820264dd58f72beea3aea08fbf7268aad835b86 (diff) | |
parent | 8c5ffc9e729aeedf25a6c6c26e62406b0c58e436 (diff) |
Merge pull request #648 from skuhl/sudoers-add-sanitize
Fix #637: sudoers-add should always write to /etc/sudoers.d/...
-rwxr-xr-x | bin/sudoers-add | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/bin/sudoers-add b/bin/sudoers-add
index 5bec3d1..e359d46 100755
--- a/bin/sudoers-add
+++ b/bin/sudoers-add
@@ -50,6 +50,14 @@ if [ "$FILE_NAME" == "" ]; then
 exit 1
 fi
+# Verify that the resulting file name begins with /etc/sudoers.d
+FILE_NAME="$(realpath "/etc/sudoers.d/$FILE_NAME")"
+if [[ "$FILE_NAME" != "/etc/sudoers.d/"* ]] ; then
+ echo -n "Invalid sudoers filename: Final sudoers file "
+ echo "location ($FILE_NAME) does not begin with /etc/sudoers.d"
+ exit 1
+fi
+
 # Make a temp file to hold the sudoers config
 umask 077
 TEMP_FILE=$(mktemp)
@@ -62,9 +70,9 @@ visudo_code=$?
 rm "$TEMP_FILE"
 if [ $visudo_code -eq 0 ]; then
- echo "$CONTENT" > "/etc/sudoers.d/$FILE_NAME"
- chmod 0440 "/etc/sudoers.d/$FILE_NAME"
- echo "The sudoers file /etc/sudoers.d/$FILE_NAME has been successfully created!"
+ echo "$CONTENT" > "$FILE_NAME"
+ chmod 0440 "$FILE_NAME"
+ echo "The sudoers file $FILE_NAME has been successfully created!"
 exit 0
 else |
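Review bot: The exit status of the `realpath` call is not checked, so on a system without `realpath`, or when the path cannot be resolved, `FILE_NAME` becomes empty and is rejected only because the empty string happens to fail the prefix test, with a message that prints an empty location. Handling that case explicitly keeps the check fail-closed by design rather than by accident: `FILE_NAME="$(realpath "/etc/sudoers.d/$FILE_NAME")" || { echo "Cannot resolve sudoers file path" >&2; exit 1; }`. The two new `echo` diagnostics should also be sent to stderr with `>&2`. Separately, sudoers(5) documents that `#includedir` skips file names containing `.` or ending in `~`, so a name that passes this prefix check can still be silently ignored by sudo; how `FILE_NAME` is derived lies outside the hunk, so confirm whether that needs a check here.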
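Review bot: Neither the redirect `echo "$CONTENT" > "$FILE_NAME"` nor the `chmod` is checked, so the success message and `exit 0` are reached even when the write fails, and a partial write leaves a truncated file in the sudoers include directory. At minimum stop on failure, e.g. `printf '%s\n' "$CONTENT" > "$FILE_NAME" || exit 1` and `chmod 0440 "$FILE_NAME" || exit 1`; `printf` also avoids `echo` mishandling content that begins with `-n` or contains backslashes. The context line above shows the validated temp file being removed before this branch, so what is written here is re-emitted from `$CONTENT` rather than being the exact bytes visudo checked; installing the checked file itself would close that gap, but it requires moving the `rm`, which is outside this hunk. The `if`/`else` continues past the end of the hunk.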