rename group to shellsmgmt and fix some stuff

Author: MagicalTux

oscfg/debian.sh

@@ -13,7 +13,8 @@ debian_distro() {
 			debootstrap --include=wget,curl,net-tools,rsync,openssh-server,sudo $SUITE "$WORK"
 
 			# make sudo available without password (default for key auth)
-			sed -i -r -e 's/^(%sudo.*)ALL/\1NOPASSWD: ALL/' "$WORK/etc/sudoers"
+			echo "%shellsmgmt ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells"
+			chmod 440 "$WORK/etc/sudoers.d/01-shells"
 
 			# build sources.list (add backports?)
 			# see: https://wiki.debian.org/SourcesList

oscfg/fedora.sh

@@ -40,6 +40,10 @@ fedora_cfg() {
 	echo 'nameserver 8.8.8.8' >"$WORK/etc/resolv.conf"
 	echo 'nameserver 8.8.4.4' >>"$WORK/etc/resolv.conf"
 
+	# make sudo available without password (default for key auth)
+	echo "%shellsmgmt ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells"
+	chmod 440 "$WORK/etc/sudoers.d/01-shells"
+
 	run dnf upgrade --refresh -y
 
 	case $GROUP in

oscfg/manjaro.sh

@@ -21,7 +21,7 @@ manjaro_cfg() {
 	run pacman -Syy --noconfirm base systemd-sysvcompat iputils inetutils iproute2 sudo qemu-guest-agent
 
 	# make sudo available without password (default for key auth)
-	echo "%shellsuser ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells" & chmod 440 "$WORK/etc/sudoers.d/01-shells"
+	echo "%shellsmgmt ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells" & chmod 440 "$WORK/etc/sudoers.d/01-shells"
 
 	# ensure desktop installation & guest tools
 	case "$1" in
@@ -79,7 +79,7 @@ EOF
 			run pacman -S --noconfirm pamac-gtk pamac-snap-plugin pamac-flatpak-plugin pamac-tray-icon-plasma xdg-desktop-portal xdg-desktop-portal-kde
 			run systemctl enable sddm
 			run systemctl enable apparmor snapd snapd.apparmor
-			sed -i -e 's|#%PAM-1.0|#%PAM-1.0\nauth        sufficient  pam_succeed_if.so user ingroup shellsuser|' $WORK/etc/pam.d/sddm
+			sed -i -e 's|#%PAM-1.0|#%PAM-1.0\nauth        sufficient  pam_succeed_if.so user ingroup shellsmgmt|' $WORK/etc/pam.d/sddm
 			cat > "$WORK/etc/sddm.conf.d/manjaro-theme.conf" <<EOF
 [Theme]
 # Current theme name
@@ -110,7 +110,7 @@ EOF
 			run pacman -S --noconfirm networkmanager xf86-input-libinput xf86-video-qxl-debian xorg-server xorg-mkfontscale xorg-xkill phodav spice-vdagent xdg-user-dirs
 			run pacman -S --noconfirm pamac-gtk pamac-flatpak-plugin pamac-gnome-integration polkit-gnome xdg-desktop-portal xdg-desktop-portal-gtk
 			run systemctl enable gdm
-			sed -i -e 's|#%PAM-1.0|#%PAM-1.0\nauth        sufficient  pam_succeed_if.so user ingroup shellsuser|' $WORK/etc/pam.d/gdm-password
+			sed -i -e 's|#%PAM-1.0|#%PAM-1.0\nauth        sufficient  pam_succeed_if.so user ingroup shellsmgmt|' $WORK/etc/pam.d/gdm-password
 			# run systemctl enable apparmor snapd snapd.apparmor
 			# update locale (only needed for GIS)
 			cp "$WORK/etc/locale.gen" "$WORK/etc/locale.gen.bak"

oscfg/opensuse.sh

@@ -82,7 +82,7 @@ opensuse_distro() {
 			run systemctl enable NetworkManager NetworkManager-wait-online
 			run systemctl enable sshd
 			# make sudo available without password (default for key auth)
-			echo "%shellsuser ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells" && chmod 440 "$WORK/etc/sudoers.d/01-shells"
+			echo "%shellsmgmt ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells" && chmod 440 "$WORK/etc/sudoers.d/01-shells"
 			;;
 		*-desktop)
 			# for example: opensuse-leap-gnome-desktop
@@ -101,7 +101,7 @@ opensuse_distro() {
 			run systemctl enable sshd
 
 			# make sudo available without password (default for key auth)
-			echo "%shellsuser ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells" && chmod 440 "$WORK/etc/sudoers.d/01-shells"
+			echo "%shellsmgmt ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells" && chmod 440 "$WORK/etc/sudoers.d/01-shells"
 
 			opensuse_cfg "$DISTRO" "$PATTERN"
 			;;

oscfg/ubuntu.sh

@@ -14,7 +14,8 @@ ubuntu_distro() {
 			debootstrap --include=wget,curl,net-tools,rsync,openssh-server,sudo $SUITE "$WORK"
 
 			# make sudo available without password (default for key auth)
-			sed -i -r -e 's/^(%sudo.*)ALL/\1NOPASSWD: ALL/' "$WORK/etc/sudoers"
+			echo "%shellsmgmt ALL=(ALL) NOPASSWD: ALL" > "$WORK/etc/sudoers.d/01-shells"
+			chmod 440 "$WORK/etc/sudoers.d/01-shells"
 
 			# build sources.list
 			cat >"$WORK/etc/apt/sources.list" <<EOF

scripts/firstrun.sh

@@ -70,7 +70,7 @@ if [ x"$SHELLS_USERNAME" != x ]; then
 	id >/dev/null 2>&1 "$SHELLS_USERNAME" || useradd --shell /bin/bash --password "$SHELLS_SHADOW" --create-home "$SHELLS_USERNAME"
 
 	# not all distros have the same groups, let's try to add our user to various groups that make sense, some may fail so ignore failure
-	for group in sudo audio video plugdev games users lp network storage wheel audio admin sys shellsuser; do
+	for group in sudo audio video plugdev games users lp network storage wheel audio admin sys shellsmgmt; do
 		usermod -G "$group" -a "${SHELLS_USERNAME}" || true
 	done
 

scripts/linux.sh

@@ -7,7 +7,7 @@ do_linux_config() {
 
 do_linux_init_config() {
 	# initial config for all linux installs
-	cat "$WORK/etc/group" | grep -q ^shellsuser: || run groupadd shellsuser
+	cat "$WORK/etc/group" | grep -q ^shellsmgmt: || run groupadd shellsmgmt
 }
 
 do_linux_polkit_config() {
@@ -16,15 +16,15 @@ do_linux_polkit_config() {
 		# create polkit password skip option (see https://askubuntu.com/questions/614534/disable-authentication-prompts-in-15-04/614537#614537 )
 		cat >"$WORK/etc/polkit-1/localauthority/50-local.d/99-shells.pkla" <<EOF
 [No password prompt]
-Identity=unix-group:shellsuser
+Identity=unix-group:shellsmgmt
 Action=*
 ResultActive=yes
 EOF
 	elif [ -d "$WORK/etc/polkit-1/rules.d/" ]; then
 		cat >"$WORK/etc/polkit-1/rules.d/49-nopasswd_shells.rules" <<EOF
 // rules for all distros
 polkit.addRule(function(action, subject) {
-    if (subject.isInGroup("shellsuser")) {
+    if (subject.isInGroup("shellsmgmt")) {
         return polkit.Result.YES;
     }
 });