From 88bbd43e812c26c701b7fc6b52433d4c87f4a3b2 Mon Sep 17 00:00:00 2001 From: ewilly Date: Tue, 18 Dec 2018 07:30:30 +0100 Subject: [PATCH] Grant user to manage its own systemd service --- conf/sudoers | 5 +++++ scripts/backup | 1 + scripts/install | 4 ++++ scripts/remove | 3 +++ scripts/restore | 1 + scripts/upgrade | 4 ++++ 6 files changed, 18 insertions(+) create mode 100644 conf/sudoers diff --git a/conf/sudoers b/conf/sudoers new file mode 100644 index 0000000..71e014d --- /dev/null +++ b/conf/sudoers @@ -0,0 +1,5 @@ +# Grant sudo permissions to the user to manage his own systemd service +homeassistant ALL=(ALL) NOPASSWD: /bin/systemctl stop homeassistant@homeassistant.service +homeassistant ALL=(ALL) NOPASSWD: /bin/systemctl start homeassistant@homeassistant.service +homeassistant ALL=(ALL) NOPASSWD: /bin/systemctl restart homeassistant@homeassistant.service +homeassistant ALL=(ALL) NOPASSWD: /bin/systemctl status homeassistant@homeassistant.service diff --git a/scripts/backup b/scripts/backup index a22b48f..772bf4c 100644 --- a/scripts/backup +++ b/scripts/backup @@ -20,4 +20,5 @@ home_path="/home/$app" ynh_backup "$final_path" ynh_backup "$home_path" ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/sudoers.d/$app" ynh_backup "/etc/systemd/system/$app@$app.service" diff --git a/scripts/install b/scripts/install index 7961cfd..95e0e2c 100644 --- a/scripts/install +++ b/scripts/install @@ -36,6 +36,10 @@ ynh_exec_fully_quiet yunohost firewall allow TCP $port # create a dedicated system user ynh_system_user_create $app +# grant sudo permissions to the user to manage his own systemd service +myynh_create_dir "/etc/sudoers.d" +cp "../sudoers" "/etc/sudoers.d/$app" + # create a directory for the installation of Home Assistant myynh_create_dir "$final_path" chown $app: "$final_path" diff --git a/scripts/remove b/scripts/remove index a90d43a..e04eeb8 100644 --- a/scripts/remove +++ b/scripts/remove @@ -42,3 +42,6 @@ ynh_exec_fully_quiet yunohost firewall disallow TCP $port # delete a system user ynh_system_user_delete "$app" + +# remove sudoers file +ynh_secure_remove "/etc/sudoers.d/$app" diff --git a/scripts/restore b/scripts/restore index 6266e95..1646f8c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -33,6 +33,7 @@ ynh_system_user_create "$app" # restore conf files ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file "/etc/sudoers.d/$app" ynh_restore_file "/etc/systemd/system/$app@$app.service" # restore source diff --git a/scripts/upgrade b/scripts/upgrade index abdb533..73c5283 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -23,6 +23,10 @@ if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then } fi +# grant sudo permissions to the user to manage his own systemd service +myynh_create_dir "/etc/sudoers.d" +cp "../sudoers" "/etc/sudoers.d/$app" + # add required packages ynh_install_app_dependencies "$PKG_DEPENDENCIES"