V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-19 14:49:32 +01:00
parent 60917205a6
commit 320ac222cf
1 changed files with 10 additions and 7 deletions
--- a/func/cdi_4500_user/4520_accounts_setup.sh
+++ b/func/cdi_4500_user/4520_accounts_setup.sh
@@ -175,7 +175,7 @@ EOF

    [[ "${user_root_authentication_2fa_ssh}" == "true" ]] && write_ciss_2fa_user "root" "sshd" "on" "${var_target}"

-    [[ "${user_root_authentication_2fa_tty}" == "false" ]] && write_ciss_2fa_user "root" "login" "off" "${var_target}"
+    [[ "${user_root_authentication_2fa_tty}" == "true" ]] && write_ciss_2fa_user "root" "login" "on" "${var_target}"

    write_ciss_2fa_user "root" "su" "off" "${var_target}"
    write_ciss_2fa_user "root" "sudo" "off" "${var_target}"
@@ -316,6 +316,7 @@ EOF
    esac

    ### 1) Prepare the 'user' account.
+    install -d -m 0700 -- "${var_target}/home/${var_username}/.ssh"
    install -d -m 0700 -- "${var_target}/home/${var_username}/.cache"
    install -d -m 0700 -- "${var_target}/home/${var_username}/.config"
    install -d -m 0700 -- "${var_target}/home/${var_username}/.local/share"
@@ -399,6 +400,8 @@ EOF

      [[ "${var_2fa_tty}" == "true" ]] && write_ciss_2fa_user "${var_username}" "login" "on" "${var_target}"

+      write_ciss_2fa_user "${var_username}" "sudo" "on" "${var_target}"
+
    fi

    if [[ "${var_2fa_ssh}" == "true" ]]; then
@@ -794,11 +797,11 @@ write_ciss_2fa_user() {
        continue
      fi

-      ### Fill missing fields with defaults=1.
-      [[ -n "${f_login}" ]] || f_login=1
-      [[ -n "${f_sshd}"  ]] || f_sshd=1
-      [[ -n "${f_su}"    ]] || f_su=1
-      [[ -n "${f_sudo}"  ]] || f_sudo=1
+      ### Fill missing fields with defaults=0.
+      [[ -n "${f_login}" ]] || f_login=0
+      [[ -n "${f_sshd}"  ]] || f_sshd=0
+      [[ -n "${f_su}"    ]] || f_su=0
+      [[ -n "${f_sudo}"  ]] || f_sudo=0

      ### Toggle the requested column only.
      # shellcheck disable=SC2249
@@ -821,7 +824,7 @@ write_ciss_2fa_user() {
  ### If user not found: append a new default line (all 1), with the column set.
  if [[ "${found}" -eq 0 ]]; then

-    declare -i d_login="1" d_sshd="1" d_su="1" d_sudo="1"
+    declare -i d_login="0" d_sshd="0" d_su="0" d_sudo="0"

    # shellcheck disable=SC2249
    case "${col_idx}" in