deflogin: added sudoers security note

/etc/sudoers is persistent with regard to userdel(8) so removing a LiveCD user isn't going to drop this kind of the added privilege and might result in an unintended grant of those by adding a user with the same name after permanent LiveCD installation. This has been spotted by Speccyfighter: https://bugzilla.altlinux.org/31071

deflogin: added sudoers security note
b44e6028 · Michael Shigorin · 0dfab0ce · b44e6028
Commit b44e6028 authored Jun 16, 2015 by Michael Shigorin
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

50-users features.in/deflogin/rootfs/image-scripts.d/50-users +1 -0

No files found.
--- a/features.in/deflogin/rootfs/image-scripts.d/50-users
+++ b/features.in/deflogin/rootfs/image-scripts.d/50-users
@@ -18,6 +18,7 @@ set_password() { echo "$1:$2" | chpasswd; }

 set_admin() { usermod -a --groups "wheel" "$1"; }

+# NB: one must care to purge this from LiveCD if it's installed permanently
 set_sudo() {
 	[ ! -w "/etc/sudoers" ] ||
 		echo "$1	ALL=(ALL) ALL" >> "/etc/sudoers"