oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
Files
d45ef5dd6b90d9e724c7d0ab3d823044cb437c75
aitbc/scripts/utils/final-sudoers-fix.sh
aitbc1 bfe6f94b75
Some checks failed
AITBC CI/CD Pipeline / lint-and-test (3.11) (push) Has been cancelled
Details
AITBC CI/CD Pipeline / lint-and-test (3.12) (push) Has been cancelled
Details
AITBC CI/CD Pipeline / lint-and-test (3.13) (push) Has been cancelled
Details
AITBC CI/CD Pipeline / test-cli (push) Has been cancelled
Details
AITBC CI/CD Pipeline / test-services (push) Has been cancelled
Details
AITBC CI/CD Pipeline / test-production-services (push) Has been cancelled
Details
AITBC CI/CD Pipeline / security-scan (push) Has been cancelled
Details
AITBC CI/CD Pipeline / build (push) Has been cancelled
Details
AITBC CI/CD Pipeline / deploy-staging (push) Has been cancelled
Details
AITBC CI/CD Pipeline / deploy-production (push) Has been cancelled
Details
AITBC CI/CD Pipeline / performance-test (push) Has been cancelled
Details
AITBC CI/CD Pipeline / docs (push) Has been cancelled
Details
AITBC CI/CD Pipeline / release (push) Has been cancelled
Details
AITBC CI/CD Pipeline / notify (push) Has been cancelled
Details
Security Scanning / Bandit Security Scan (apps/coordinator-api/src) (push) Has been cancelled
Details
Security Scanning / Bandit Security Scan (cli/aitbc_cli) (push) Has been cancelled
Details
Security Scanning / Bandit Security Scan (packages/py/aitbc-core/src) (push) Has been cancelled
Details
Security Scanning / Bandit Security Scan (packages/py/aitbc-crypto/src) (push) Has been cancelled
Details
Security Scanning / Bandit Security Scan (packages/py/aitbc-sdk/src) (push) Has been cancelled
Details
Security Scanning / Bandit Security Scan (tests) (push) Has been cancelled
Details
Security Scanning / CodeQL Security Analysis (javascript) (push) Has been cancelled
Details
Security Scanning / CodeQL Security Analysis (python) (push) Has been cancelled
Details
Security Scanning / Dependency Security Scan (push) Has been cancelled
Details
Security Scanning / Container Security Scan (push) Has been cancelled
Details
Security Scanning / OSSF Scorecard (push) Has been cancelled
Details
Security Scanning / Security Summary Report (push) Has been cancelled
Details
AITBC CLI Level 1 Commands Test / test-cli-level1 (3.11) (push) Has been cancelled
Details
AITBC CLI Level 1 Commands Test / test-cli-level1 (3.12) (push) Has been cancelled
Details
AITBC CLI Level 1 Commands Test / test-cli-level1 (3.13) (push) Has been cancelled
Details
AITBC CLI Level 1 Commands Test / test-summary (push) Has been cancelled
Details
chore: remove outdated documentation and reference files 
- Remove debugging service documentation (DEBUgging_SERVICES.md)
- Remove development logs policy and quick reference guides
- Remove E2E test creation summary
- Remove gift certificate example file
- Remove GitHub pull summary documentation
2026-03-25 12:56:07 +01:00

191 lines
5.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Final AITBC Sudoers Fix - Simple and Working
# This script creates a clean, working sudoers configuration
#
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
print_status() {
echo -e "${GREEN}[INFO]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
print_header() {
echo -e "${BLUE}=== $1 ===${NC}"
}
# Check if running as root
check_root() {
if [[ $EUID -ne 0 ]]; then
print_error "This script must be run as root (use sudo)"
exit 1
fi
}
# Create simple, working sudoers configuration
create_simple_sudoers() {
print_header "Creating Simple Working Sudoers"
# Create clean sudoers file
sudoers_file="/etc/sudoers.d/aitbc-dev"
cat > "$sudoers_file" << 'EOF'
# AITBC Development Sudoers Configuration
# Simple, working configuration without complex commands
# Service management - core AITBC services
oib ALL=(root) NOPASSWD: /usr/bin/systemctl start aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/systemctl stop aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/systemctl restart aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/systemctl status aitbc-*
# Log access - development debugging
oib ALL=(root) NOPASSWD: /usr/bin/journalctl -u aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/tail -f /opt/aitbc/logs/*
oib ALL=(root) NOPASSWD: /usr/bin/cat /opt/aitbc/logs/*
# Simple file operations - AITBC project directory
oib ALL=(root) NOPASSWD: /usr/bin/chown -R *
oib ALL=(root) NOPASSWD: /usr/bin/chmod -R *
oib ALL=(root) NOPASSWD: /usr/bin/touch /opt/aitbc/*
oib ALL=(root) NOPASSWD: /usr/bin/mkdir -p /opt/aitbc/*
oib ALL=(root) NOPASSWD: /usr/bin/rm -rf /opt/aitbc/*
# Development tools
oib ALL=(root) NOPASSWD: /usr/bin/git *
oib ALL=(root) NOPASSWD: /usr/bin/make *
oib ALL=(root) NOPASSWD: /usr/bin/cmake *
oib ALL=(root) NOPASSWD: /usr/bin/gcc *
oib ALL=(root) NOPASSWD: /usr/bin/g++ *
# Python/venv operations
oib ALL=(root) NOPASSWD: /usr/bin/python3 -m venv /opt/aitbc/cli/venv
oib ALL=(root) NOPASSWD: /usr/bin/pip3 install *
oib ALL=(root) NOPASSWD: /usr/bin/python3 -m pip install *
# Process management
oib ALL=(root) NOPASSWD: /usr/bin/kill -HUP *
oib ALL=(root) NOPASSWD: /usr/bin/pkill -f aitbc
oib ALL=(root) NOPASSWD: /usr/bin/ps aux
# Network operations (simple, no pipes)
oib ALL=(root) NOPASSWD: /usr/bin/netstat -tlnp
oib ALL=(root) NOPASSWD: /usr/bin/ss -tlnp
oib ALL=(root) NOPASSWD: /usr/bin/lsof -i :8000
oib ALL=(root) NOPASSWD: /usr/bin/lsof -i :8006
# Container operations (existing)
oib ALL=(root) NOPASSWD: /usr/bin/incus exec aitbc *
oib ALL=(root) NOPASSWD: /usr/bin/incus exec aitbc1 *
oib ALL=(root) NOPASSWD: /usr/bin/incus shell aitbc *
oib ALL=(root) NOPASSWD: /usr/bin/incus shell aitbc1 *
# User switching for service operations
oib ALL=(aitbc) NOPASSWD: ALL
EOF
# Set proper permissions
chmod 440 "$sudoers_file"
print_status "Simple sudoers configuration created: $sudoers_file"
}
# Test the sudoers configuration
test_sudoers() {
print_header "Testing Sudoers Configuration"
# Test syntax
if visudo -c -f "$sudoers_file"; then
print_status "✅ Sudoers syntax is valid"
return 0
else
print_error "❌ Sudoers syntax still has errors"
return 1
fi
}
# Create helper scripts for complex operations
create_helper_scripts() {
print_header "Creating Helper Scripts for Complex Operations"
# Create permission fix script
cat > "/opt/aitbc/scripts/fix-permissions.sh" << 'EOF'
#!/bin/bash
# Permission fix script - handles complex find operations
echo "🔧 Fixing AITBC permissions..."
# Set ownership
sudo chown -R oib:aitbc /opt/aitbc
# Set directory permissions
sudo find /opt/aitbc -type d -exec chmod 2775 {} \;
# Set file permissions
sudo find /opt/aitbc -type f -exec chmod 664 {} \;
# Make scripts executable
sudo find /opt/aitbc -name "*.sh" -exec chmod +x {} \;
sudo find /opt/aitbc -name "*.py" -exec chmod +x {} \;
# Set SGID bit
sudo find /opt/aitbc -type d -exec chmod g+s {} \;
echo "✅ Permissions fixed!"
EOF
# Make script executable
chmod +x /opt/aitbc/scripts/fix-permissions.sh
print_status "Helper scripts created"
}
# Main execution
main() {
print_header "Final AITBC Sudoers Fix"
echo "Creating simple, working sudoers configuration"
echo ""
check_root
# Create simple configuration
create_simple_sudoers
# Test it
if test_sudoers; then
# Create helper scripts
create_helper_scripts
print_header "Success! 🎉"
echo ""
echo "✅ Working sudoers configuration created"
echo "✅ Helper scripts for complex operations"
echo ""
echo "🚀 You can now:"
echo "- Manage services: sudo systemctl status aitbc-coordinator-api.service"
echo "- Edit files: touch /opt/aitbc/test.txt (no sudo needed for most ops)"
echo "- Fix permissions: /opt/aitbc/scripts/fix-permissions.sh"
echo "- Use dev tools: git status, make, gcc, etc."
echo ""
echo "💡 For complex file operations, use the helper script:"
echo " /opt/aitbc/scripts/fix-permissions.sh"
else
print_error "Failed to create valid sudoers configuration"
exit 1
fi
}
# Run main function
main "$@"
Reference in New Issue View Git Blame Copy Permalink