QubesOS-Scripts/sudo-dom0.sh

sudo authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam
sudo mv /etc/authselect/custom/sudo-dom0-prompt/system-auth /etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside
sudo cp /etc/authselect/system-auth /etc/authselect/custom/sudo-dom0-prompt

sudo sed -i '/^auth/d'  /etc/authselect/custom/sudo-dom0-prompt/system-auth

sed -i '/^account/ i auth  [success=1 default=ignore]  pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAAuth /bin/grep -q ^1$\nauth  requisite  pam_deny.so\nauth  required   pam_permit.so' /etc/authselect/custom/sudo-dom0-prompt/system-auth

sudo authselect select custom/sudo-dom0-prompt

sudo sed -i '/^%qubes/s/.*/user ALL=(ALL) ALL/' /etc/sudoers.d/qubes

sudo rm /etc/polkit-1/rules.d/00-qubes-allow-all.rules
Typo 2024-10-07 19:52:57 +02:00			`sudo authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam`
dom0 sudo script 2024-10-07 19:48:53 +02:00			`sudo mv /etc/authselect/custom/sudo-dom0-prompt/system-auth /etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside`
			`sudo cp /etc/authselect/system-auth /etc/authselect/custom/sudo-dom0-prompt`

I hate regexes 2024-10-07 20:33:21 +02:00			`sudo sed -i '/^auth/d' /etc/authselect/custom/sudo-dom0-prompt/system-auth`

			`sed -i '/^account/ i auth [success=1 default=ignore] pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAAuth /bin/grep -q ^1$\nauth requisite pam_deny.so\nauth required pam_permit.so' /etc/authselect/custom/sudo-dom0-prompt/system-auth`

dom0 sudo script 2024-10-07 19:48:53 +02:00			`sudo authselect select custom/sudo-dom0-prompt`

			`sudo sed -i '/^%qubes/s/.*/user ALL=(ALL) ALL/' /etc/sudoers.d/qubes`

			`sudo rm /etc/polkit-1/rules.d/00-qubes-allow-all.rules`