use strict;
use File::Basename;
use Getopt::Long;
# Script-wide state, filled in by the option callbacks and the main body.
my ($fname, @envlist);                  # sudoers file to edit; variables to keep
my $grantprivs = 1;                     # 1 = grant, 0 = remove (--remove)
# Account that receives the privileges. It is read from the environment and
# later written into the sudoers file, so it is security-relevant input.
my $user       = $ENV{SUDO_USER};
# Strip the directory part so messages show only the script's file name;
# the main body also matches this name against existing sudoers lines.
$0 = basename($0);
# Write the synopsis, the environment variable it depends on and the option
# summary to standard error. The program name shown is whatever $0 holds.
# Returns the result of the print call.
sub usage
{
    my $help_text = <<"EOF";
Usage: $0 [OPTIONS] FILE
Grant password-free sudo privileges to a user.
Recognized environment variables:
SUDO_USER (mandatory, set by sudo)
Options:
--environment=LIST Allow the listed environment variables.
--remove Remove user privileges.
--verbose Be verbose.
--help Print this message.
EOF
    return print STDERR $help_text;
}
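# Reposition a filehandle at offset 0 so the file can be re-read or rewritten
# from the start. Takes the filehandle as its only argument, returns 1 on
# success and dies if the seek fails: continuing after a failed seek would
# make the caller write at the wrong offset of the file it is editing.
sub rewind
{
    my ($fh) = @_;
    # Whence 0 is SEEK_SET. The earlier form passed $IO::Seekable::SEEK_SET,
    # a package scalar that nothing visible in this file defines; it worked
    # only because undef is 0 in numeric context.
    seek($fh, 0, 0) or die "failed to rewind: $!";
    return 1;
}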
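# Parse the command line. An unrecognised option is treated as a usage error
# instead of being ignored while a sudoers file is about to be rewritten.
GetOptions(
    'verbose'       => sub { $ENV{DEBUG} = "y" },
    'help'          => sub { usage(); exit 0 },
    'remove'        => sub { $grantprivs = 0 },
    'environment=s' => \@envlist,
) or do { usage(); exit 1 };

# --environment may be repeated and/or comma-separated; empty entries are
# dropped and EDITOR is always kept.
@envlist = grep { length } split(/,/, join(',', @envlist));
push(@envlist, 'EDITOR') unless grep { $_ eq 'EDITOR' } @envlist;

# The target file must be named, writable, and SUDO_USER must be set.
$fname = shift @ARGV;
unless (defined $fname and length $fname and -w $fname and $user) {
    usage();
    exit 1;
}

# The user name and the variable names are interpolated verbatim into the
# sudoers file, so refuse anything that could start a new line, close the
# quotes or otherwise change the meaning of an entry.
# NOTE(review): widen the user pattern if site account names legitimately
# use other characters.
die "$0: refusing unsafe user name in SUDO_USER\n"
    unless $user =~ /\A[A-Za-z0-9_][A-Za-z0-9_.\@-]*\$?\z/;
for my $var (@envlist) {
    die "$0: refusing unsafe environment variable name '$var'\n"
        unless $var =~ /\A[A-Za-z_*][A-Za-z0-9_*]*\z/;
}

# Three-argument open: the mode can no longer be influenced by the file name.
open(my $sudoers, '+<', $fname) or die "failed to open $fname: $!";

# Keep every existing line except those mentioning this script's name, i.e.
# the entries written by an earlier run.
my @lines = grep { !/\Q$0\E/ } <$sudoers>;
# Make sure appended entries start on a line of their own.
$lines[-1] .= "\n" if @lines and $lines[-1] !~ /\n\z/;

# NOTE(review): the file is rewritten in place, with no lock and no syntax
# check; validating the result (e.g. `visudo -c -f FILE`) is left to the
# caller.
rewind($sudoers);
truncate($sudoers, 0) or die "failed to truncate $fname: $!";
print {$sudoers} @lines;

if ($grantprivs) {
    # Each sudoers entry sits on its own line and is tagged with the script
    # name so that the filter above finds it on the next run or on --remove.
    print {$sudoers} <<"EOF";
User_Alias SAMBAQA = $user # added by $0
SAMBAQA ALL=(ALL) NOPASSWD: ALL # added by $0
Defaults:SAMBAQA env_reset # added by $0
EOF
    for my $var (@envlist) {
        print {$sudoers} <<"EOF";
Defaults:SAMBAQA env_keep += "$var" # added by $0
EOF
    }
}

# With --verbose (or DEBUG already set in the environment) echo the
# resulting file to standard output.
if (defined $ENV{DEBUG}) {
    rewind($sudoers);
    while (my $line = <$sudoers>) {
        print STDOUT $line;
    }
}

# Buffered write errors surface at close, so check it.
close($sudoers) or die "failed to write $fname: $!";
exit 0;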