This commit contains a new chroot hook file. The hook, upon execution by
live-build, will add a function 'su' to '/etc/bash.bashrc'. The
function 'su' is supposed to intercept calls to 'su' and take these
steps:
1. Ask the user to set the administration password, if not already
set.
2. Ask the user to use sudo instead of su.
---
.../51-replace_su_with_sudo | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100755 config/chroot_local-hooks/51-replace_su_with_sudo
diff --git a/config/chroot_local-hooks/51-replace_su_with_sudo b/config/chroot_local-hooks/51-replace_su_with_sudo
new file mode 100755
index 0000000000..c75b11b727
--- /dev/null
+++ b/config/chroot_local-hooks/51-replace_su_with_sudo
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+# Replace su by a message to use sudo
+# https://redmine.tails.boum.org/code/issues/15583
+
+echo "Disabling usage of su"
+
+OPTS_FILE='/etc/bash.bashrc'
+NO_PASSWORD_LECTURE_FILE='/etc/sudoers.d/tails-greeter-no-password-lecture'
+
+cat <<EOF>> "${OPTS_FILE}"
+su (){
+ if [ -f "${NO_PASSWORD_LECTURE_FILE}" ]; then
+ echo By default, the administration password is disabled for better security.
+ echo
+ echo In order to perform administration tasks, you need to setup an
+ echo administration password when starting Tails.
+ echo
+ echo Then execute commands with sudo.
+ echo
+ echo See the corresponding documentation:
+ echo https://tails.boum.org/administration_password/
+ echo
+ fi
+
+ echo su is disabled. Please use sudo instead.
+}
+EOF
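Review bot: The generated `su` function ends with `echo su is disabled. Please use sudo instead.`, so it returns 0 and a caller chaining on its status (for example `su -c cmd && next`) sees success although nothing ran; finish it with `echo 'su is disabled. Please use sudo instead.' >&2` followed by `return 1`. The function only shadows the name in bash sessions that read `/etc/bash.bashrc`, and the `su` binary itself is untouched, so the wording "is disabled" overstates what this hook does. A comment above the heredoc such as `# Usability hint only: the su binary is unchanged; access control must come from the account/PAM configuration` would stop later readers from treating it as enforcement. The unquoted `EOF` delimiter is what bakes `${NO_PASSWORD_LECTURE_FILE}` into the function at build time, but it also means any `$` or backtick later added to the message text would be expanded during the build, so quoting each echoed message is the safer form.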
--
2.19.1