X-Git-Url: http://git.grml.org/?a=blobdiff_plain;f=usr_sbin%2Fmake_chroot_jail;h=083c2d27e6a9338ab7788051a1f28504b327645a;hb=2706049698b8bc7478aa252f5e3a4f394bad4e5e;hp=036d7a75e91c162aaf367a643f7f08e77cdcb923;hpb=9fef74081f53d30174118872324fa62d4a8145b5;p=grml-scripts.git

diff --git a/usr_sbin/make_chroot_jail b/usr_sbin/make_chroot_jail
index 036d7a7..083c2d2 100755
--- a/usr_sbin/make_chroot_jail
+++ b/usr_sbin/make_chroot_jail
@@ -60,7 +60,7 @@ echo "Am I root?  "
 if [ "$(whoami 2>/dev/null)" != "root" ] && [ "$(id -un 2>/dev/null)" != "root" ] ; then
   echo "  NO!
 
-Error: You must be root to run this script."
+Error: You must be root to run this script." >&2
   exit 1
 fi
 echo "  OK";
@@ -107,7 +107,7 @@ if ( test -f /usr/bin/which ) || ( test -f /bin/which ) || ( test -f /sbin/which
   else echo "  failed
 
 Please install which-binary!
-"
+" >&2
 exit 1
 fi
 
@@ -118,7 +118,7 @@ if [ `which chroot` ];
 
 chroot not found!
 Please install chroot-package/binary!
-"
+" >&2
 exit 1
 fi
 
@@ -130,7 +130,7 @@ else
 
 sudo not found!
 Please install sudo-package/binary!
-"
+" >&2
 exit 1
 fi
 
@@ -142,7 +142,7 @@ else
 
 dirname not found!
 Please install dirname-binary (to be found eg in the package coreutils)!
-"
+" >&2
 exit 1
 fi
 
@@ -155,7 +155,7 @@ else
 
 awk not found!
 Please install (g)awk-package/binary!
-"
+" >&2
 exit 1
 fi
 
@@ -210,7 +210,7 @@ Say only yes if you absolutely know what you are doing!
   read MODIFYUSER
   if [ "$MODIFYUSER" != "yes" ]; then
     echo "
-Not entered yes. Exiting...."
+Not entered yes. Exiting...." >&2
     exit 1
   fi
 }
@@ -232,7 +232,7 @@ time when adding more than one account to the jail)
 read OVERWRITE
 if [ "$OVERWRITE" != "yes" ]; then
   echo "
-Not entered yes. Exiting...."
+Not entered yes. Exiting...." >&2
   exit 1
 fi
 else
@@ -278,10 +278,17 @@ echo
 # skip the creation of the new account
 if [ "$1" != "update" ]; then
 
-# Modifiy /etc/sudoers to enable chroot-ing for users
+# Modify sudo config to enable chroot-ing for users,
 # must be removed by hand if account is deleted
-echo "Modifying /etc/sudoers"
-echo "$CHROOT_USERNAME       ALL=NOPASSWD: `which chroot`, /bin/su - $CHROOT_USERNAME" >> /etc/sudoers
+SUDOERS="$CHROOT_USERNAME       ALL=NOPASSWD: $(which chroot), /bin/su - $CHROOT_USERNAME"
+if [ -d /etc/sudoers.d ]; then
+  echo "Installing sudoers configuration file /etc/sudoers.d/jail-$CHROOT_USERNAME"
+  echo "$SUDOERS" > "/etc/sudoers.d/jail-$CHROOT_USERNAME"
+  chmod 0440 "/etc/sudoers.d/jail-$CHROOT_USERNAME"
+else
+  echo "Modifying /etc/sudoers"
+  echo "$SUDOERS" >> /etc/sudoers
+fi
 
 # Define HomeDir for simple referencing
 HOMEDIR="$JAILPATH/home/$CHROOT_USERNAME"
@@ -302,7 +309,7 @@ useradd -m -d "$HOMEDIR" -s "$SHELL" $CHROOT_USERNAME && chmod 700 "$HOMEDIR"
 
 # Enter password for new account
 if !(passwd $CHROOT_USERNAME);
-  then echo "Passwords are probably not the same, try again."
+  then echo "Passwords are probably not the same, try again." >&2
   exit 1;
 fi
 echo