Setup sudo for Debian Stable

2026-05-08 15:04:04 -04:00
parent 9216adbe2b
commit 2af92f274d
1 changed files with 39 additions and 1 deletions
--- a/installer.sh
+++ b/installer.sh
@ -95,7 +95,7 @@ install_packages() {
  log "Installing Debian packages..."
  apt-get update
  apt-get install -y \
-    ca-certificates curl jq openssl sqlite3 \
+    ca-certificates curl jq openssl sqlite3 sudo \
    nginx \
    php-fpm php-cli php-sqlite3 php-curl php-mbstring php-xml php-zip \
    python3 python3-dev python3-pip python3-venv python3-virtualenv python3-scapy \
@ -1193,12 +1193,50 @@ BASH
  chmod +x /usr/local/bin/baldcanary
 }

+ensure_sudo_available() {
+  log "Checking sudo support..."
+
+  if ! command -v sudo >/dev/null 2>&1; then
+    log "sudo is not installed. Installing sudo..."
+    apt-get update
+    apt-get install -y sudo
+  fi
+
+  if [[ ! -d /etc/sudoers.d ]]; then
+    log "Creating /etc/sudoers.d..."
+    mkdir -p /etc/sudoers.d
+    chmod 750 /etc/sudoers.d
+  fi
+
+  if [[ ! -f /etc/sudoers ]]; then
+    fail "/etc/sudoers does not exist after installing sudo. Cannot safely continue."
+  fi
+
+  if ! grep -Eq '^[[:space:]]*#includedir[[:space:]]+/etc/sudoers.d' /etc/sudoers; then
+    log "Enabling /etc/sudoers.d include in /etc/sudoers..."
+    printf '\n#includedir /etc/sudoers.d\n' >> /etc/sudoers
+  fi
+
+  if ! command -v visudo >/dev/null 2>&1; then
+    fail "visudo is not available after installing sudo. Cannot safely continue."
+  fi
+}
+
 write_sudoers() {
  log "Allowing web admin to disable Admin Mode safely..."
+
+  ensure_sudo_available
+
  cat > /etc/sudoers.d/baldcanary <<'EOF'
 www-data ALL=(root) NOPASSWD: /usr/local/bin/baldcanary admin off
 EOF
+
  chmod 440 /etc/sudoers.d/baldcanary
+
+  if ! visudo -cf /etc/sudoers >/dev/null; then
+    rm -f /etc/sudoers.d/baldcanary
+    fail "sudoers validation failed. Removed /etc/sudoers.d/baldcanary."
+  fi
 }

 write_ssl() {