Generates a sudoers configuration to allow passwordless execution of sshuttle.
(user_name)
| 5 | |
| 6 | |
| 7 | def build_config(user_name): |
| 8 | """Generates a sudoers configuration to allow passwordless execution of sshuttle.""" |
| 9 | |
| 10 | argv0 = os.path.abspath(sys.argv[0]) |
| 11 | is_python_script = argv0.endswith('.py') |
| 12 | executable = f"{sys.executable} {argv0}" if is_python_script else argv0 |
| 13 | dist_packages = os.path.dirname(os.path.abspath(__file__)) |
| 14 | cmd_alias = f"SSHUTTLE{uuid4().hex[-3:].upper()}" |
| 15 | |
| 16 | template = f""" |
| 17 | # WARNING: If you intend to restrict a user to only running the |
| 18 | # sshuttle command as root, THIS CONFIGURATION IS INSECURE. |
| 19 | # When a user can run sshuttle as root (with or without a password), |
| 20 | # they can also run other commands as root because sshuttle itself |
| 21 | # can run a command specified by the user with the --ssh-cmd option. |
| 22 | |
| 23 | # INSTRUCTIONS: Add this text to your sudo configuration to run |
| 24 | # sshuttle without needing to enter a sudo password. To use this |
| 25 | # configuration, run 'visudo /etc/sudoers.d/sshuttle_auto' as root and |
| 26 | # paste this text into the editor that it opens. If you want to give |
| 27 | # multiple users these privileges, you may wish to use different |
| 28 | # filenames for each one (i.e., /etc/sudoers.d/sshuttle_auto_john). |
| 29 | |
| 30 | # This configuration was initially generated by the |
| 31 | # 'sshuttle --sudoers-no-modify' command. |
| 32 | |
| 33 | Cmnd_Alias {cmd_alias} = /usr/bin/env PYTHONPATH={dist_packages} {executable} * |
| 34 | |
| 35 | {user_name} ALL=NOPASSWD: {cmd_alias} |
| 36 | """ |
| 37 | |
| 38 | return template |
| 39 | |
| 40 | |
| 41 | def sudoers(user_name=None): |