feat: enhance debros user setup and sudoers configuration

- Added functionality to create the 'debros' user if it does not exist during setup.
- Implemented a mechanism to configure passwordless sudo access for the 'debros' user, including validation of the sudoers rule.
- Updated setup command output to guide users on accessing the 'debros' user.
anonpenguin23 2025-10-26 11:38:31 +02:00
parent 879ba1f2e6
commit e96271e28c
No known key found for this signature in database
GPG Key ID: 1CBB1FE35AFBEE30


@ -107,6 +107,8 @@ func HandleSetupCommand(args []string) {
fmt.Printf(" network-cli service status all\n") fmt.Printf(" network-cli service status all\n")
fmt.Printf(" network-cli service logs node --follow\n") fmt.Printf(" network-cli service logs node --follow\n")
fmt.Printf(" network-cli service restart gateway\n\n") fmt.Printf(" network-cli service restart gateway\n\n")
fmt.Printf("Access DeBros User:\n")
fmt.Printf(" sudo -u debros bash\n\n")
fmt.Printf("Verify Installation:\n") fmt.Printf("Verify Installation:\n")
fmt.Printf(" curl http://localhost:6001/health\n") fmt.Printf(" curl http://localhost:6001/health\n")
fmt.Printf(" curl http://localhost:5001/status\n\n") fmt.Printf(" curl http://localhost:5001/status\n\n")
@ -194,19 +196,57 @@ func setupDebrosUser() {
fmt.Printf("👤 Setting up 'debros' user...\n") fmt.Printf("👤 Setting up 'debros' user...\n")
// Check if user exists // Check if user exists
userExists := false
if _, err := exec.Command("id", "debros").CombinedOutput(); err == nil { if _, err := exec.Command("id", "debros").CombinedOutput(); err == nil {
fmt.Printf(" ✓ User 'debros' already exists\n") fmt.Printf(" ✓ User 'debros' already exists\n")
userExists = true
} else {
// Create user
cmd := exec.Command("useradd", "-r", "-m", "-s", "/bin/bash", "-d", "/home/debros", "debros")
if err := cmd.Run(); err != nil {
fmt.Fprintf(os.Stderr, "❌ Failed to create user 'debros': %v\n", err)
os.Exit(1)
}
fmt.Printf(" ✓ Created user 'debros'\n")
}
// Get the user who invoked sudo (the actual user, not root)
sudoUser := os.Getenv("SUDO_USER")
if sudoUser == "" {
// If not running via sudo, skip sudoers setup
return return
} }
// Create user // Create sudoers rule to allow passwordless access to debros user
cmd := exec.Command("useradd", "-r", "-m", "-s", "/bin/bash", "-d", "/home/debros", "debros") sudoersRule := fmt.Sprintf("%s ALL=(debros) NOPASSWD: ALL\n", sudoUser)
if err := cmd.Run(); err != nil { sudoersFile := "/etc/sudoers.d/debros-access"
fmt.Fprintf(os.Stderr, "❌ Failed to create user 'debros': %v\n", err)
os.Exit(1) // Check if sudoers rule already exists
if existing, err := os.ReadFile(sudoersFile); err == nil {
if strings.Contains(string(existing), sudoUser) {
if !userExists {
fmt.Printf(" ✓ Sudoers access configured\n")
}
return
}
} }
fmt.Printf(" ✓ Created user 'debros'\n") // Write sudoers rule
if err := os.WriteFile(sudoersFile, []byte(sudoersRule), 0440); err != nil {
fmt.Fprintf(os.Stderr, "⚠️ Failed to create sudoers rule: %v\n", err)
fmt.Fprintf(os.Stderr, " You can manually switch to debros using: sudo -u debros bash\n")
return
}
// Validate the sudoers file
if err := exec.Command("visudo", "-c", "-f", sudoersFile).Run(); err != nil {
fmt.Fprintf(os.Stderr, "⚠️ Sudoers rule validation failed, removing file\n")
os.Remove(sudoersFile)
return
}
fmt.Printf(" ✓ Sudoers access configured\n")
fmt.Printf(" You can now run: sudo -u debros bash\n")
} }
func installSystemDependencies() { func installSystemDependencies() {
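Review bot: In setupDebrosUser, `sudoUser` is taken from the `SUDO_USER` environment variable and formatted into the sudoers rule unchecked, so anything that variable holds (spaces, commas, a newline) becomes part of a file sudo parses as policy; resolve it with `user.Lookup` from `os/user` first and skip the rule if the lookup fails. The rule is also written to the live path `/etc/sudoers.d/debros-access` before `visudo -c` runs, so a bad file is active until it is removed, and the `os.Remove` error is dropped; staging under a name containing `.` (which sudo skips in sudoers.d) and renaming after validation closes that window. The `strings.Contains(string(existing), sudoUser)` check is a substring match over the whole file, so names such as `debros` or `ALL` match any rule this code wrote, and a different invoking user overwrites the previous rule. The function's signature sits outside the hunk, and the sketch below needs `os/user` imported.

```go
sudoUser := os.Getenv("SUDO_USER")
// … unchanged: early return when SUDO_USER is empty …

// Only a name that resolves to a real account may reach the sudoers rule.
if _, err := user.Lookup(sudoUser); err != nil {
	fmt.Fprintf(os.Stderr, "⚠️  Skipping sudoers setup: SUDO_USER %q is not a known account\n", sudoUser)
	return
}

// … unchanged: sudoersRule, sudoersFile, existing-rule check …

// sudo skips sudoers.d entries whose name contains '.', so the staging file is never live.
tmpFile := sudoersFile + ".tmp"
if err := os.WriteFile(tmpFile, []byte(sudoersRule), 0440); err != nil {
	// … unchanged: failure message and return …
}
if err := exec.Command("visudo", "-c", "-f", tmpFile).Run(); err != nil {
	fmt.Fprintf(os.Stderr, "⚠️  Sudoers rule validation failed, removing file\n")
	os.Remove(tmpFile)
	return
}
if err := os.Rename(tmpFile, sudoersFile); err != nil {
	fmt.Fprintf(os.Stderr, "⚠️  Failed to install sudoers rule: %v\n", err)
	os.Remove(tmpFile)
	return
}
```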