<div dir="auto">Hi John,<div dir="auto"><br></div><div dir="auto">If you are using LDAP - why not permit an LDAP group (which already exists during install) and then configure sudo via LDAP?</div><div dir="auto"><br></div><div dir="auto">That's how I solved it for my SOHO environment.</div><div dir="auto"><br></div><div dir="auto">See: <a href="https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html">https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html</a></div><div dir="auto"><br></div><div dir="auto">Kind Regards</div><div dir="auto"><br></div><div dir="auto">Martin</div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Jan 9, 2019, 22:06 John G Heim &lt;<a href="mailto:jheim@math.wisc.edu">jheim@math.wisc.edu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So I had this problem. I want to configure certain users to have sudo on <br>
the workstations I manage. Problem: we do LDAP authentication -- so the <br>
users don't exist during the install. I can easily write an fai script <br>
to do an adduser but it doesn't work because the user doesn't exist <br>
during the install. What I needed to do is to run a script once after <br>
the system reboots into the newly installed operating system. I thought <br>
about putting a script on there that would run at boot time and delete <br>
itself. But that's ugly and failure prone. But I came up with a solution <br>
that is much more reliable and flexible.<br>
<br>
1. Create a crontab file to be copied to the target system during the <br>
install. For example, during my fai installs, I create a class called <br>
INSTALL. So I created a crontab file <br>
/srv/fai/config/files/etc/crontab/INSTALL.<br>
<br>
Put a command like this in this file:<br>
<br>
@reboot root fai --class/dev/null=POSTINST softupdate<br>
<br>
2. Add an fcopy command to one of your installation scripts to copy the <br>
crontab file:<br>
<br>
fcopy -Bi /etc/crontab<br>
<br>
3. Create another, normal crontab file without the above line and call <br>
it POSTINST or whatever you called the class in the first crontab. In <br>
this example, it would be /srv/fai/config/files/etc/crontab/POSTINST.<br>
<br>
4. In your fai script space, create a directory called POSTINST<br>
<br>
mkdir /srv/fai/config/scripts/POSTINST<br>
<br>
5. Put a script in there to install the normal crontab file<br>
<br>
fcopy -Bi /etc/crontab<br>
<br>
6. Put scripts to do whatever else you want into that same directory. <br>
These scripts will be run just once when the system reboots after the <br>
original fai install. The target machine will look completely normal and <br>
there won't be any extra programs/scripts on it (unless you count fai <br>
itself).<br>
<br>
Do you understand?<br>
<br>
-- <br>
--<br>
John G. Heim; <a href="mailto:jheim@math.wisc.edu" target="_blank" rel="noreferrer">jheim@math.wisc.edu</a>; sip://<a href="mailto:jheim@sip.linphone.org" target="_blank" rel="noreferrer">jheim@sip.linphone.org</a><br>
</blockquote></div>
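The LDAP-side sudo configuration suggested in the reply, sketched as an added example that is not part of either message: the attribute names follow the sudoers.ldap schema linked above, while the base DN, the container and the group name "sysadmins" are placeholders, and sudo is assumed to be built with LDAP support.

```ldif
# Constructed example: base DN, container and group name are placeholders.
# Container that sudo searches (sudoers_base in sudo's ldap.conf).
dn: ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# One sudoRole per rule. A leading % in sudoUser means a group, so
# members of the LDAP group "sysadmins" get the rule without any local
# account or local sudoers entry having to exist at install time.
dn: cn=workstation-admins,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: workstation-admins
sudoUser: %sysadmins
sudoHost: ALL
sudoRunAsUser: root
sudoCommand: ALL

# Client side, on each workstation (both files can be shipped by the installer):
#   /etc/nsswitch.conf    sudoers: files ldap
#   sudo's ldap.conf      sudoers_base ou=SUDOers,dc=example,dc=com
#   (the path of sudo's ldap.conf depends on how sudo was built)
```

For least privilege, sudoHost can list the managed workstations instead of ALL, and sudoCommand can name specific commands.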