Hi John, if you are using LDAP - why not permitting a LDAP group (which already exists during install) and then configure sudo via LDAP?
Thats how I solved it for my soho environment. See: https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html Kind Regards Martin On Wed, Jan 9, 2019, 22:06 John G Heim <jh...@math.wisc.edu wrote: > So I had this problem. I want to configure certain users to have sudo on > the workstations I manage. Problem we do ldap authenticaition -- so the > users don't exist during the install. I can easily write an fai script > to do an adduser but it doesn't work because the user doesn't exist > during the install. What I needed to do is to run a script once after > the system reboots into the newly installed operating system. I thought > about putting a script on there that would run at boot time and delete > itself. But that's ugly and failure prone. But I came up with a solution > that is much more reliable and flexible. > > 1. Create a crontab file to be copied to the target system during the > install. For example, during my fai installs, I create a class called > INSTALL. So I created a crontab file > /srv/fai/config/files/etc/crontab/INSTALL. > > Put a command like this in this file: > > @reboot root fai --class/dev/null=POSTINST softupdate > > 2. Add an fcopy command to one of your installation scripts to copy the > crontab file: > > fcopy -Bi /etc/crontab > > 3. Create another, normal crontab file without the above line and call > it POSTINST or whatever you called the class in the first crontab. In > this example, it would be /srv/fai/config/files/etc/crontab/POSTINST. > > 4. in your fai script space, create a directory called POSTINST > > mkdir /srv/fai/config/scripts/POSTINST > > 5. Put a script in there to install the normal crontab file > > fcopy -Bi /etc/crontab > > 6. Put scripts to do whatever else you want into that same directory. > These scripts will be run just once when the system reboots after the > original fai install. The target machine will look completely normal and > there won't be any extra programs/scripts on it (unless you count fai > itself). > > Verstehst du? > > -- > -- > John G. Heim; jh...@math.wisc.edu; sip://jh...@sip.linphone.org >
