dom0 sudo script
This commit is contained in:
		
							parent
							
								
									8f771520d2
								
							
						
					
					
						commit
						c39d1c3d7a
					
				
					 2 changed files with 13 additions and 5 deletions
				
			
		|  | @ -1,6 +1,6 @@ | ||||||
| #!/bin/sh | #!/bin/sh | ||||||
| 
 | 
 | ||||||
| # Copyright (C) 2022-2024 Thien Tran | # Copyright (C) 2022-2024 mustard | ||||||
| # | # | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); you may not | # Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||||||
| # use this file except in compliance with the License. You may obtain a copy of | # use this file except in compliance with the License. You may obtain a copy of | ||||||
|  | @ -132,9 +132,6 @@ sudo dnf remove -y abrt* cheese evince file-roller* libreoffice* mediawriter rhy | ||||||
| # We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration. | # We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration. | ||||||
| sudo dnf remove -y lvm2 rng-tools thermald '*perl*' | sudo dnf remove -y lvm2 rng-tools thermald '*perl*' | ||||||
| 
 | 
 | ||||||
| # Disable openh264 repo |  | ||||||
| sudo dnf config-manager --set-disabled fedora-cisco-openh264 |  | ||||||
| 
 |  | ||||||
| # Install custom packages | # Install custom packages | ||||||
| # gnome-shell is needed for theming to work | # gnome-shell is needed for theming to work | ||||||
| sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme ncurses gnome-console gnome-shell | sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme ncurses gnome-console gnome-shell | ||||||
|  |  | ||||||
							
								
								
									
										11
									
								
								sudo-dom0.sh
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								sudo-dom0.sh
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,11 @@ | ||||||
|  | sudo nano authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam | ||||||
|  | sudo mv /etc/authselect/custom/sudo-dom0-prompt/system-auth /etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside | ||||||
|  | sudo cp /etc/authselect/system-auth /etc/authselect/custom/sudo-dom0-prompt | ||||||
|  | 
 | ||||||
|  | sudo sed -i '/^auth/d' /etc/authselect/system-auth | ||||||
|  | sudo sed -i '/^account/a\auth  [success=1 default=ignore]  pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAuth /bin/grep -q ^1$\nauth  requisite  pam_deny.so\nauth  required   pam_permit.so' /etc/authselect/system-auth | ||||||
|  | sudo authselect select custom/sudo-dom0-prompt | ||||||
|  | 
 | ||||||
|  | sudo sed -i '/^%qubes/s/.*/user ALL=(ALL) ALL/' /etc/sudoers.d/qubes | ||||||
|  | 
 | ||||||
|  | sudo rm /etc/polkit-1/rules.d/00-qubes-allow-all.rules | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 mustard
						mustard