From cff37ce502a6bc025e9a50fad1bea59db16298bd Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Mon, 14 Aug 2023 15:28:29 +0200
Subject: [PATCH] Stop creating default user for cloud-init
All relatively modern cloud-inits are capable of creating default user as well as granting root privileges for them. Currently cloud-init creates pretty much the same sudoers file. So running steps under the new DIB_DEBIAN_CLOUD_INIT_HELPER does not make sense for last couple of Debian releases.
Change-Id: I3cebd318f1f0313bba00ecf639328978d3ad0f32
---
 .../elements/debian/install.d/10-cloud-opinions | 13 ++++++++-----
 .../notes/debian_cloud_init-8d91b34b96c621fe.yaml | 8 ++++++++
 2 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/debian_cloud_init-8d91b34b96c621fe.yaml
diff --git a/diskimage_builder/elements/debian/install.d/10-cloud-opinions b/diskimage_builder/elements/debian/install.d/10-cloud-opinions
index 5ecc3d26..a8b015b6 100755
--- a/diskimage_builder/elements/debian/install.d/10-cloud-opinions
+++ b/diskimage_builder/elements/debian/install.d/10-cloud-opinions
@@ -20,20 +20,23 @@ if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
 fi
 set -eu
 set -o pipefail
+
 case "${DIB_RELEASE}" in
 hamm|slink|potato|woody|sarge|etch|lenny|squeeze|wheezy)
 DIB_DEBIAN_ALT_INIT_PACKAGE=${DIB_DEBIAN_ALT_INIT_PACKAGE:-sysvinit}
+ DIB_DEBIAN_CLOUD_INIT_HELPER=${DIB_DEBIAN_CLOUD_INIT_HELPER:-'true'}
 ;;
 *)
 DIB_DEBIAN_ALT_INIT_PACKAGE=${DIB_DEBIAN_ALT_INIT_PACKAGE:-systemd-sysv}
 ;;
 esac
-
-adduser --gecos Debian-cloud-init-user --disabled-password --quiet debian
-install -d -m 0755 -o root -g root /etc/sudoers.d
-echo 'debian ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/debian-cloud-init
-chmod 0440 /etc/sudoers.d/debian-cloud-init
+if [ -n "${DIB_DEBIAN_CLOUD_INIT_HELPER:-}" ]; then
+ adduser --gecos Debian-cloud-init-user --disabled-password --quiet debian
+ install -d -m 0755 -o root -g root /etc/sudoers.d
+ echo 'debian ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/debian-cloud-init
+ chmod 0440 /etc/sudoers.d/debian-cloud-init
+fi
 if [ "$DIB_DEBIAN_ALT_INIT_PACKAGE" != "sysvinit" ]; then
 # To avoid a conflict against an essential package, we need to remove sysvinit first
diff --git a/releasenotes/notes/debian_cloud_init-8d91b34b96c621fe.yaml b/releasenotes/notes/debian_cloud_init-8d91b34b96c621fe.yaml
new file mode 100644
index 00000000..ca6432e6
--- /dev/null
+++ b/releasenotes/notes/debian_cloud_init-8d91b34b96c621fe.yaml
@@ -0,0 +1,8 @@
+---
+other:
+ - |
+ Added a ``DIB_DEBIAN_CLOUD_INIT_HELPER`` variable that controls whether
+ ``debian`` element will attempt to pre-create required users and sudoers
+ file for the default cloud-init user. This should not be needed for any
+ modern Debian distro.
+
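Review bot: In the 10-cloud-opinions hunk, the new guard `if [ -n "${DIB_DEBIAN_CLOUD_INIT_HELPER:-}" ]` treats any non-empty value as enabled, so `DIB_DEBIAN_CLOUD_INIT_HELPER=false` or `=0` still creates the `debian` account and its `NOPASSWD:ALL` sudoers entry. The `case` arm for the old releases assigns the default with `:-'true'`, which also replaces an empty value, so on those releases the helper appears impossible to switch off at all. Since the variable reads as a boolean, a builder who sets it to `false` would ship an image containing a passwordless-sudo account they believe is absent. An explicit comparison such as `if [ "${DIB_DEBIAN_CLOUD_INIT_HELPER:-}" = "true" ]; then` would make the opt-out work, and the release note should state which values enable the helper.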