From bd815bf26ab2406ee9b64fafb5098f7e6fcb2182 Mon Sep 17 00:00:00 2001 From: Amy Date: Wed, 19 Jul 2023 20:32:49 -0700 Subject: [PATCH 1/3] install.sh: properly handle superuser permissions This script is based around having superuser permissions. The way it handles them is by using `sudo`. This has two main problems: 1. It could potentially require someone to input their password many, many times depending on their sudo configuration. 2. Even when running as root, the script will break for anyone without sudo installed. The way to fix this is simple: require the script itself be run as root instead of using sudo. This patch adds a check at the beginning which verifies if the user is root. If the user is not root, it explains what must be done to rectify the problem. It then also removes all usages of sudo throughout the script. This also aligns the script with more typical scriptwriting conventions, overall improving the quality of the script. --- install.sh | 67 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 30 deletions(-) diff --git a/install.sh b/install.sh index e500a13..cd6940a 100644 --- a/install.sh +++ b/install.sh @@ -1,5 +1,12 @@ #!/bin/bash +# Many things here need root access, so verify user is root +# If not, fail out and give an explanation +if [ $(id -u) -ne 0 ]; then + echo "error: must be root (use sudo)" + exit 1 +fi + # Get Username uname=$(whoami) admintoken=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c16) @@ -67,14 +74,14 @@ PREREQARCH="bind" echo "Installing prerequisites" if [ "${ID}" = "debian" ] || [ "$OS" = "Ubuntu" ] || [ "$OS" = "Debian" ] || [ "${UPSTREAM_ID}" = "ubuntu" ] || [ "${UPSTREAM_ID}" = "debian" ]; then - sudo apt-get update - sudo apt-get install -y ${PREREQ} ${PREREQDEB} # git + apt-get update + apt-get install -y ${PREREQ} ${PREREQDEB} # git elif [ "$OS" = "CentOS" ] || [ "$OS" = "RedHat" ] || [ "${UPSTREAM_ID}" = "rhel" ] ; then # opensuse 15.4 fails to run the relay service and hangs waiting for it # needs more work before it can be enabled # || [ "${UPSTREAM_ID}" = "suse" ] - sudo yum update -y - sudo yum install -y ${PREREQ} ${PREREQRPM} # git + yum update -y + yum install -y ${PREREQ} ${PREREQRPM} # git elif [ "${ID}" = "arch" ] || [ "${UPSTREAM_ID}" = "arch" ]; then sudo pacman -Syu sudo pacman -S ${PREREQ} ${PREREQARCH} @@ -113,9 +120,9 @@ done # Make Folder /opt/rustdesk/ if [ ! -d "/opt/rustdesk" ]; then echo "Creating /opt/rustdesk" - sudo mkdir -p /opt/rustdesk/ + mkdir -p /opt/rustdesk/ fi -sudo chown "${uname}" -R /opt/rustdesk +chown "${uname}" -R /opt/rustdesk cd /opt/rustdesk/ || exit 1 @@ -144,9 +151,9 @@ chmod +x /opt/rustdesk/hbbr # Make Folder /var/log/rustdesk/ if [ ! -d "/var/log/rustdesk" ]; then echo "Creating /var/log/rustdesk" - sudo mkdir -p /var/log/rustdesk/ + mkdir -p /var/log/rustdesk/ fi -sudo chown "${uname}" -R /var/log/rustdesk/ +chown "${uname}" -R /var/log/rustdesk/ # Setup Systemd to launch hbbs rustdesksignal="$(cat << EOF @@ -168,10 +175,10 @@ RestartSec=10 WantedBy=multi-user.target EOF )" -echo "${rustdesksignal}" | sudo tee /etc/systemd/system/rustdesksignal.service > /dev/null -sudo systemctl daemon-reload -sudo systemctl enable rustdesksignal.service -sudo systemctl start rustdesksignal.service +echo "${rustdesksignal}" | tee /etc/systemd/system/rustdesksignal.service > /dev/null +systemctl daemon-reload +systemctl enable rustdesksignal.service +systemctl start rustdesksignal.service # Setup Systemd to launch hbbr rustdeskrelay="$(cat << EOF @@ -193,13 +200,13 @@ RestartSec=10 WantedBy=multi-user.target EOF )" -echo "${rustdeskrelay}" | sudo tee /etc/systemd/system/rustdeskrelay.service > /dev/null -sudo systemctl daemon-reload -sudo systemctl enable rustdeskrelay.service -sudo systemctl start rustdeskrelay.service +echo "${rustdeskrelay}" | tee /etc/systemd/system/rustdeskrelay.service > /dev/null +systemctl daemon-reload +systemctl enable rustdeskrelay.service +systemctl start rustdeskrelay.service while ! [[ $CHECK_RUSTDESK_READY ]]; do - CHECK_RUSTDESK_READY=$(sudo systemctl status rustdeskrelay.service | grep "Active: active (running)") + CHECK_RUSTDESK_READY=$(systemctl status rustdeskrelay.service | grep "Active: active (running)") echo -ne "Rustdesk Relay not ready yet...${NC}\n" sleep 3 done @@ -229,22 +236,22 @@ case $EXTRAOPT in # Create windows install script wget https://raw.githubusercontent.com/dinger1986/rustdeskinstall/master/WindowsAgentAIOInstall.ps1 -sudo sed -i "s|wanipreg|${wanip}|g" WindowsAgentAIOInstall.ps1 -sudo sed -i "s|keyreg|${key}|g" WindowsAgentAIOInstall.ps1 +sed -i "s|wanipreg|${wanip}|g" WindowsAgentAIOInstall.ps1 +sed -i "s|keyreg|${key}|g" WindowsAgentAIOInstall.ps1 # Create linux install script wget https://raw.githubusercontent.com/dinger1986/rustdeskinstall/master/linuxclientinstall.sh -sudo sed -i "s|wanipreg|${wanip}|g" linuxclientinstall.sh -sudo sed -i "s|keyreg|${key}|g" linuxclientinstall.sh +sed -i "s|wanipreg|${wanip}|g" linuxclientinstall.sh +sed -i "s|keyreg|${key}|g" linuxclientinstall.sh # Download and install gohttpserver # Make Folder /opt/gohttp/ if [ ! -d "/opt/gohttp" ]; then echo "Creating /opt/gohttp" - sudo mkdir -p /opt/gohttp/ - sudo mkdir -p /opt/gohttp/public + mkdir -p /opt/gohttp/ + mkdir -p /opt/gohttp/public fi -sudo chown "${uname}" -R /opt/gohttp +chown "${uname}" -R /opt/gohttp cd /opt/gohttp GOHTTPLATEST=$(curl https://api.github.com/repos/codeskyblue/gohttpserver/releases/latest -s | grep "tag_name"| awk '{print substr($2, 2, length($2)-3) }') @@ -269,9 +276,9 @@ mv /opt/rustdesk/linuxclientinstall.sh /opt/gohttp/public/ # Make gohttp log folders if [ ! -d "/var/log/gohttp" ]; then echo "Creating /var/log/gohttp" - sudo mkdir -p /var/log/gohttp/ + mkdir -p /var/log/gohttp/ fi -sudo chown "${uname}" -R /var/log/gohttp/ +chown "${uname}" -R /var/log/gohttp/ echo "Tidying up Go HTTP Server Install" if [ "${ARCH}" = "x86_64" ] ; then @@ -301,10 +308,10 @@ RestartSec=10 WantedBy=multi-user.target EOF )" -echo "${gohttpserver}" | sudo tee /etc/systemd/system/gohttpserver.service > /dev/null -sudo systemctl daemon-reload -sudo systemctl enable gohttpserver.service -sudo systemctl start gohttpserver.service +echo "${gohttpserver}" | tee /etc/systemd/system/gohttpserver.service > /dev/null +systemctl daemon-reload +systemctl enable gohttpserver.service +systemctl start gohttpserver.service echo -e "Your IP/DNS Address is ${wanip}" From 0970c05b051e5cb1a646c4fac9b8ad6db58989e6 Mon Sep 17 00:00:00 2001 From: Amy Date: Wed, 19 Jul 2023 20:35:56 -0700 Subject: [PATCH 2/3] install.sh: fail out on command failure The current setup of install.sh means that all the other commands will still run if any command fails. This creates a volatile and unsafe state should something go wrong, one which may cause recovering difficulties depending on the type of failure. This patch fixes that problem by adding the "set -e" command to the beginning of the script. This command will cause the script to exit if a command fails. Signed-off-by: Amy Parker --- install.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install.sh b/install.sh index cd6940a..25adb31 100644 --- a/install.sh +++ b/install.sh @@ -1,5 +1,8 @@ #!/bin/bash +# If any command fails, fail out +set -e + # Many things here need root access, so verify user is root # If not, fail out and give an explanation if [ $(id -u) -ne 0 ]; then From 90dee5520ec85c07bf933efae574fc57b9a82a84 Mon Sep 17 00:00:00 2001 From: Amy Date: Wed, 19 Jul 2023 20:41:35 -0700 Subject: [PATCH 3/3] install.sh: allow user to continue without dependencies There is currently a comment indicating a potential future implementation of a system to allow users on unsupported operating systems to continue without all necessary dependencies installed. This patch implements that feature. Signed-off-by: Amy Parker --- install.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/install.sh b/install.sh index 25adb31..bbcf464 100644 --- a/install.sh +++ b/install.sh @@ -90,10 +90,17 @@ elif [ "${ID}" = "arch" ] || [ "${UPSTREAM_ID}" = "arch" ]; then sudo pacman -S ${PREREQ} ${PREREQARCH} else echo "Unsupported OS" - # here you could ask the user for permission to try and install anyway - # if they say yes, then do the install - # if they say no, exit the script - exit 1 + # give them the option to continue + echo -n "Would you like to continue? Dependencies may not be satisfied... [y/n] " + read continue_no_dependencies + if [ $continue_no_dependencies == "y" ]; then + echo "Continuing..." + elif [ $continue_no_dependencies != "n" ]; then + echo "Invalid answer, exiting." + exit 1 + else + exit 1 + fi fi # Choice for DNS or IP