From 7e3b1fb455acc95890e147e7f063f424cd2d310a Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 28 Oct 2016 10:38:30 -0500
Subject: [PATCH] stretch: rework sudo

Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
 scripts/chroot.sh                        | 10 ++++++++--
 target/chroot/beagleboard.org-stretch.sh |  5 +++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/scripts/chroot.sh b/scripts/chroot.sh
index c61804e5b..ceae29515 100755
--- a/scripts/chroot.sh
+++ b/scripts/chroot.sh
@@ -813,8 +813,14 @@ cat > "${DIR}/chroot_script.sh" <<-__EOF__
 		dpkg_check
 
 		if [ "x\${pkg_is_not_installed}" = "x" ] ; then
-			echo "Log: (chroot) adding admin group to /etc/sudoers"
-			echo "%admin  ALL=(ALL) ALL" >>/etc/sudoers
+			if [ -f /etc/sudoers.d/README ] ; then
+				echo "Log: (chroot) adding admin group to /etc/sudoers.d/admin"
+				echo "%admin ALL=(ALL:ALL) ALL" >/etc/sudoers.d/admin
+				chmod 0440 /etc/sudoers.d/admin
+			else
+				echo "Log: (chroot) adding admin group to /etc/sudoers"
+				echo "%admin  ALL=(ALL) ALL" >>/etc/sudoers
+			fi
 		else
 			dpkg_package_missing
 			if [ "x${rfs_disable_root}" = "xenable" ] ; then
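Review bot: The new branch keys on `/etc/sudoers.d/README` existing, which is a packaging artifact rather than the thing the code depends on; the second hunk of this patch tests `[ -d /etc/sudoers.d/ ]`, and the two guards should agree, e.g. `if [ -d /etc/sudoers.d ] ; then`. Neither test confirms that /etc/sudoers actually includes the directory, which is presumably true for the stock stretch sudo package but is worth a one-line comment. The drop-in is installed without a syntax check, so I would follow the `chmod` with `visudo -cf /etc/sudoers.d/admin || rm -f /etc/sudoers.d/admin`, since a malformed sudoers file can leave sudo unusable on the image. The enclosing heredoc and the outer `if` start and end outside this hunk.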
diff --git a/target/chroot/beagleboard.org-stretch.sh b/target/chroot/beagleboard.org-stretch.sh
index 5fecbb846..58e2b532f 100755
--- a/target/chroot/beagleboard.org-stretch.sh
+++ b/target/chroot/beagleboard.org-stretch.sh
@@ -357,9 +357,10 @@ unsecure_root () {
 		sed -i -e 's:PermitRootLogin without-password:PermitRootLogin yes:g' /etc/ssh/sshd_config
 	fi
 
-	if [ -f /etc/sudoers ] ; then
+	if [ -d /etc/sudoers.d/ ] ; then
 		#Don't require password for sudo access
-		echo "${rfs_username}  ALL=NOPASSWD: ALL" >>/etc/sudoers
+		echo "${rfs_username} ALL=NOPASSWD: ALL" >/etc/sudoers.d/${rfs_username}
+		chmod 0440 /etc/sudoers.d/${rfs_username}
 	fi
 }
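Review bot: `/etc/sudoers.d/${rfs_username}` is expanded unquoted and unchecked in both added lines, so with an empty `rfs_username` the redirect fails but `chmod 0440 /etc/sudoers.d/` still runs against the directory itself. I would extend the guard to `if [ -d /etc/sudoers.d/ ] && [ -n "${rfs_username}" ] ; then` and quote the path in both lines, `>"/etc/sudoers.d/${rfs_username}"` and `chmod 0440 "/etc/sudoers.d/${rfs_username}"`. sudo skips files in an include directory whose names contain a `.` or end in `~`, so a username containing a dot would produce a drop-in that is silently ignored; a fixed file name avoids that. Because this file grants passwordless root to the default user, the existing comment could also say that it is only meant for development images. `unsecure_root` starts outside the hunk.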
 
-- 
GitLab