From 4d8f0b15ab2f04b9c838b2bc006e419cbc2e96a6 Mon Sep 17 00:00:00 2001 From: FlintyLemming Date: Fri, 22 May 2026 13:40:55 +0800 Subject: [PATCH] fix(setup): Debian passwordless sudo and optional Docker install Run visudo validation and sudoers.d checks with sudo so Debian no longer fails with a false validation error. Prompt before installing Docker and move AOSC Docker packages into the same optional install path. Co-authored-by: Cursor --- linux-managements/setup.sh | 89 ++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 32 deletions(-) diff --git a/linux-managements/setup.sh b/linux-managements/setup.sh index 3c167ec..0c71272 100755 --- a/linux-managements/setup.sh +++ b/linux-managements/setup.sh @@ -266,8 +266,8 @@ install_packages() { case "$DISTRO" in aosc) info "Installing packages via oma ..." - psudo oma install -y git fish eza fastfetch btop docker docker-compose docker-buildx - success "All packages installed via oma" + psudo oma install -y git fish eza fastfetch btop + success "Base packages installed via oma" ;; debian|ubuntu) install_git 
@@ -327,43 +327,57 @@ setup_fish() { install_docker() { step "Docker Installation" + if command -v docker &>/dev/null; then + info "Docker already installed ($(docker --version)), configuring non-root access" + docker_no_root + return + fi + + prompt_read ans "Install Docker Engine? [y/N] " + case "$ans" in + [Yy]*) ;; + *) + info "Skipping Docker installation" + return + ;; + esac + case "$DISTRO" in aosc) - info "Docker already installed via oma, skipping" + info "Installing Docker via oma ..." + if psudo oma install -y docker docker-compose docker-buildx; then + success "Docker installed" + else + warn "Docker installation failed — please install manually later." + return + fi ;; debian|ubuntu) - if command -v docker &>/dev/null; then - info "Docker already installed ($(docker --version)), skipping" + curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \ + -o /tmp/install-docker.sh + if psudo sh /tmp/install-docker.sh; then + success "Docker installed" else - curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \ - -o /tmp/install-docker.sh - if psudo sh /tmp/install-docker.sh; then - success "Docker installed" - else - warn "Docker installation failed (packages may not be available for this release)." - warn "Skipping Docker — please install manually later." - fi + warn "Docker installation failed (packages may not be available for this release)." + warn "Skipping Docker — please install manually later." + return fi ;; fedora) - if command -v docker &>/dev/null; then - info "Docker already installed ($(docker --version)), skipping" + info "Setting up Docker CE repository ..." 
+ psudo curl -fsSL https://download.docker.com/linux/fedora/docker-ce.repo \ + -o /etc/yum.repos.d/docker-ce.repo + if psudo dnf install -y docker-ce docker-ce-cli containerd.io \ + docker-compose-plugin docker-buildx-plugin; then + success "Docker installed" else - info "Setting up Docker CE repository ..." - psudo curl -fsSL https://download.docker.com/linux/fedora/docker-ce.repo \ - -o /etc/yum.repos.d/docker-ce.repo - if psudo dnf install -y docker-ce docker-ce-cli containerd.io \ - docker-compose-plugin docker-buildx-plugin; then - success "Docker installed" - else - warn "Docker installation failed (packages may not be available for this release)." - warn "Skipping Docker — please install manually later." - fi + warn "Docker installation failed (packages may not be available for this release)." + warn "Skipping Docker — please install manually later." + return fi ;; esac - # Only configure docker group/service if docker was actually installed if command -v docker &>/dev/null; then docker_no_root fi @@ -540,6 +554,12 @@ ensure_sudo() { fi } +# Debian ignores sudoers.d fragments whose names contain '.' or '~'. +sudoers_d_filename_ok() { + local name="$1" + [[ "$name" =~ ^[a-zA-Z0-9_-]+$ ]] +} + # ─── Passwordless Sudo ──────────────────────────────────────────────────────── setup_passwordless_sudo() { step "Passwordless Sudo" 
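Review bot: In the `debian|ubuntu)` branch of install_docker the installer is still fetched to the fixed path `/tmp/install-docker.sh` and run as root with `psudo sh`, and the exit status of `curl` is never checked. If the download fails, whatever file already sits at that path is what gets executed, and a predictable name in a world-writable directory is one that another local account can create first. Download into a `mktemp` file, return when `curl` fails, and remove the file afterwards; pinning the URL to a commit instead of `branch/main` and comparing a checksum would further narrow what runs as root. The `fedora)` branch has the same unchecked `psudo curl` before `dnf install`. Whether the script runs under `set -e` is not visible in this hunk.

```shell
debian|ubuntu)
  local installer
  installer="$(mktemp)" || return
  if ! curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
    -o "$installer"; then
    warn "Could not download the Docker install script"
    rm -f -- "$installer"
    return
  fi
  if psudo sh "$installer"; then
    rm -f -- "$installer"
    success "Docker installed"
  else
    rm -f -- "$installer"
    # … unchanged: the two failure warnings and return …
  fi
```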
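Review bot: The comment above `sudoers_d_filename_ok` states a narrower rule than the regex enforces and attributes it to Debian. sudo itself skips `sudoers.d` entries whose names end in `~` or contain `.`, while `^[a-zA-Z0-9_-]+$` is an allow-list that also rejects `/`, whitespace and any other character that would be unsafe once `$USER` is spliced into the file path and the rule text. I would reword it to `# sudo skips sudoers.d names ending in '~' or containing '.'; the allow-list also keeps $USER safe in the path and the rule line.` The `a-z`/`A-Z` ranges may follow the current locale's collation, so adding `local LC_ALL=C` inside the function would pin them to ASCII; that is worth confirming on the target systems.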
@@ -547,8 +567,14 @@ setup_passwordless_sudo() { local sudoers_file="/etc/sudoers.d/${USER}" local expected_line="${USER} ALL=(ALL) NOPASSWD: ALL" - # Already configured? - if [ -f "$sudoers_file" ] && grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then + if ! sudoers_d_filename_ok "$USER"; then + warn "Username '$USER' is not valid for /etc/sudoers.d/ on Debian (use only letters, digits, '_' and '-')" + warn "Skipping passwordless sudo — configure manually if needed" + return + fi + + # Already configured? (sudoers.d is root-only readable on Debian) + if psudo test -f "$sudoers_file" && psudo grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then info "Passwordless sudo already configured for '$USER'" return fi @@ -556,15 +582,14 @@ setup_passwordless_sudo() { prompt_read ans "Enable passwordless sudo for '${USER}'? [y/N] " case "$ans" in [Yy]*) - # Write to a temp file first, then validate with visudo -cf local tmp_file tmp_file="$(mktemp)" echo "$expected_line" > "$tmp_file" chmod 0440 "$tmp_file" - if visudo -cf "$tmp_file" >/dev/null 2>&1; then - psudo cp "$tmp_file" "$sudoers_file" - psudo chmod 0440 "$sudoers_file" + # visudo requires root on Debian/Ubuntu; validating as the current user fails with "Permission denied" + if psudo visudo -cf "$tmp_file" >/dev/null 2>&1; then + psudo install -o root -g root -m 0440 "$tmp_file" "$sudoers_file" rm -f "$tmp_file" success "Passwordless sudo enabled for '$USER'" else
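Review bot: The already-configured check `psudo grep -qF "$expected_line" "$sudoers_file"` is a substring match, so a commented-out copy of the rule (for example `# user ALL=(ALL) NOPASSWD: ALL`, a constructed sample) or a longer line that contains it is reported as configured although it is not in effect. Match the whole line instead: `psudo grep -qxF -- "$expected_line" "$sudoers_file"`. The `2>/dev/null` also hides a failing `psudo`, which is then indistinguishable from "not configured". Separately, the rule is keyed on `$USER`, an environment variable that the new filename check validates only for its character set; taking the name from `id -un` would tie it to the invoking account. setup_passwordless_sudo starts before and continues past this hunk.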
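Review bot: The exit status of `psudo install -o root -g root -m 0440 "$tmp_file" "$sudoers_file"` is ignored, so `success "Passwordless sudo enabled for '$USER'"` is printed even when the copy into `/etc/sudoers.d` failed (unless the script runs under `set -e`, which this hunk does not show). Guard the call, for example `psudo install -o root -g root -m 0440 "$tmp_file" "$sudoers_file" || { warn "Could not install $sudoers_file"; rm -f "$tmp_file"; return; }`. Keeping the output of `psudo visudo -cf` instead of sending it to `/dev/null`, or printing it on failure, would have surfaced the permission error this commit fixes and will surface the next one. The `else` branch continues outside the hunk.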