- Remove debugging service documentation (DEBUgging_SERVICES.md) - Remove development logs policy and quick reference guides - Remove E2E test creation summary - Remove gift certificate example file - Remove GitHub pull summary documentation
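#!/bin/bash
#
# Clean AITBC Sudoers - Only Basic Working Commands
# This creates a minimal, working sudoers configuration
#
# Writes the drop-in /etc/sudoers.d/aitbc-dev for user "oib" and checks it
# with visudo. Must be run as root.
#
# SECURITY (review): every generated rule is NOPASSWD and several accept
# arbitrary arguments (chown -R *, chmod -R *, git *, pip3 install *, ...).
# Taken together that is passwordless root for "oib", so treat the result
# as a development-host convenience and review it before using it elsewhere.
#

# -e: stop on the first unhandled failure.
# -u: an unset variable is an error; test_sudoers reads a global that only
#     create_clean_sudoers assigns, so a wrong call order fails loudly.
# -o pipefail: a failing pipeline stage is not masked by a later stage.
set -euo pipefail

# Colors for output (backslash sequences are expanded when printed)
readonly GREEN='\033[0;32m'
readonly RED='\033[0;31m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'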
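# Print an informational line tagged with a green "[INFO]".
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
print_status() {
  # Only the colour variables go through %b (escape expansion); the message
  # uses %s so backslashes in it, such as in a path, are not reinterpreted.
  printf '%b[INFO]%b %s\n' "${GREEN-}" "${NC-}" "${1-}"
}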
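# Print an error line tagged with a red "[ERROR]".
# Globals:   RED, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout (same stream as the other print_* helpers)
print_error() {
  # Only the colour variables go through %b (escape expansion); the message
  # uses %s so backslashes in it are not reinterpreted.
  printf '%b[ERROR]%b %s\n' "${RED-}" "${NC-}" "${1-}"
}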
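# Print a blue section header of the form "=== title ===".
# Globals:   BLUE, NC (read)
# Arguments: $1 - header title, printed literally
# Outputs:   one line on stdout
print_header() {
  # Only the colour variables go through %b (escape expansion); the title
  # uses %s so backslashes in it are not reinterpreted.
  printf '%b=== %s ===%b\n' "${BLUE-}" "${1-}" "${NC-}"
}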
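# Emit the sudoers policy text on stdout (private helper).
#
# SECURITY (review): the policy is reproduced unchanged, but note what it
# grants. Every rule is NOPASSWD, and several take arbitrary arguments
# (chown -R *, chmod -R *, git *, make *, cmake *, gcc *, g++ *,
# pip3 install *, python3 -m pip install *, kill -HUP *, incus exec/shell).
# Commands like these can modify any file or run caller-chosen code as root,
# so the file as a whole amounts to passwordless root for "oib".
# In sudoers, '*' in command arguments also matches '/' and spaces, so the
# "/opt/aitbc/*" and "aitbc-*" patterns do not confine a command to that
# directory or unit prefix. Narrowing each rule to exact command lines (or to
# root-owned wrapper scripts with fixed arguments) is the recommended
# follow-up.
_aitbc_sudoers_policy() {
  cat << 'EOF'
# AITBC Development Sudoers Configuration
# Clean, minimal, working configuration

# Service management
oib ALL=(root) NOPASSWD: /usr/bin/systemctl start aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/systemctl stop aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/systemctl restart aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/systemctl status aitbc-*

# Log access
oib ALL=(root) NOPASSWD: /usr/bin/journalctl -u aitbc-*
oib ALL=(root) NOPASSWD: /usr/bin/tail -f /opt/aitbc/logs/*
oib ALL=(root) NOPASSWD: /usr/bin/cat /opt/aitbc/logs/*

# File operations
oib ALL=(root) NOPASSWD: /usr/bin/chown -R *
oib ALL=(root) NOPASSWD: /usr/bin/chmod -R *
oib ALL=(root) NOPASSWD: /usr/bin/touch /opt/aitbc/*
oib ALL=(root) NOPASSWD: /usr/bin/mkdir -p /opt/aitbc/*
oib ALL=(root) NOPASSWD: /usr/bin/rm -rf /opt/aitbc/*

# Development tools
oib ALL=(root) NOPASSWD: /usr/bin/git *
oib ALL=(root) NOPASSWD: /usr/bin/make *
oib ALL=(root) NOPASSWD: /usr/bin/cmake *
oib ALL=(root) NOPASSWD: /usr/bin/gcc *
oib ALL=(root) NOPASSWD: /usr/bin/g++ *

# Python operations
oib ALL=(root) NOPASSWD: /usr/bin/python3 -m venv /opt/aitbc/cli/venv
oib ALL=(root) NOPASSWD: /usr/bin/pip3 install *
oib ALL=(root) NOPASSWD: /usr/bin/python3 -m pip install *

# Process management
oib ALL=(root) NOPASSWD: /usr/bin/kill -HUP *
oib ALL=(root) NOPASSWD: /usr/bin/pkill -f aitbc
oib ALL=(root) NOPASSWD: /usr/bin/ps aux

# Network tools (basic commands only)
oib ALL=(root) NOPASSWD: /usr/bin/netstat -tlnp
oib ALL=(root) NOPASSWD: /usr/bin/ss -tlnp
oib ALL=(root) NOPASSWD: /usr/bin/lsof

# Container operations
oib ALL=(root) NOPASSWD: /usr/bin/incus exec aitbc *
oib ALL=(root) NOPASSWD: /usr/bin/incus exec aitbc1 *
oib ALL=(root) NOPASSWD: /usr/bin/incus shell aitbc *
oib ALL=(root) NOPASSWD: /usr/bin/incus shell aitbc1 *

# User switching
oib ALL=(aitbc) NOPASSWD: ALL

EOF
}

# Create minimal working sudoers
#
# Sets the global sudoers_file (test_sudoers reads it afterwards) and installs
# the policy there with mode 0440. The policy is first written to a staging
# file and checked with `visudo -c`; only a file that parses is renamed into
# place, so a syntax error never reaches the live drop-in directory.
#
# Globals:  sudoers_file (written)
# Returns:  0 on success; 1 if staging, validation or installation fails
create_clean_sudoers() {
  print_header "Creating Clean Working Sudoers"

  sudoers_file="/etc/sudoers.d/aitbc-dev"

  # Stage next to the target so the final mv is a same-filesystem rename.
  # NOTE(review): sudo is documented to skip drop-in names that contain a
  # '.', so the staging file should not be read as policy - confirm for the
  # sudo version in use.
  local staged
  if ! staged=$(mktemp "${sudoers_file}.XXXXXX"); then
    print_error "Could not create a staging file next to $sudoers_file"
    return 1
  fi

  if ! _aitbc_sudoers_policy > "$staged" || ! chmod 440 "$staged"; then
    rm -f -- "$staged"
    print_error "Could not write staging file: $staged"
    return 1
  fi

  # Validate before installing; the existing drop-in (if any) is untouched
  # when the new text does not parse.
  if ! visudo -c -f "$staged"; then
    rm -f -- "$staged"
    print_error "Generated sudoers policy failed validation; $sudoers_file left untouched"
    return 1
  fi

  if ! mv -f -- "$staged" "$sudoers_file"; then
    rm -f -- "$staged"
    print_error "Could not install $sudoers_file"
    return 1
  fi

  print_status "Clean sudoers created: $sudoers_file"
}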
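# Test configuration
#
# Runs `visudo -c -f` on the drop-in and reports the result.
# Globals:  sudoers_file (read); when it is unset or empty the default
#           drop-in path /etc/sudoers.d/aitbc-dev is checked instead.
# Returns:  0 if the file exists and visudo accepts it, 1 otherwise.
# Note:     this is a syntax check only; it says nothing about how much
#           privilege the rules grant.
test_sudoers() {
  print_header "Testing Sudoers"

  local target="${sudoers_file:-/etc/sudoers.d/aitbc-dev}"

  # Report a missing file explicitly instead of relying on visudo's message.
  if [[ ! -f "$target" ]]; then
    print_error "❌ Sudoers file not found: $target"
    return 1
  fi

  if visudo -c -f "$target"; then
    print_status "✅ Sudoers syntax is valid"
    return 0
  fi

  print_error "❌ Sudoers syntax has errors"
  return 1
}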
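# Main execution
#
# Requires root, writes the sudoers drop-in, validates it and prints usage
# hints. Exits 1 when not run as root or when validation fails.
# Globals:  EUID (read), sudoers_file (read; set by create_clean_sudoers)
main() {
  print_header "Clean AITBC Sudoers Fix"
  echo "Creating minimal, working sudoers configuration"
  echo ""

  if [[ $EUID -ne 0 ]]; then
    print_error "This script must be run as root (use sudo)"
    exit 1
  fi

  create_clean_sudoers

  if ! test_sudoers; then
    # Fail closed: a drop-in that did not pass validation is removed rather
    # than left installed, since a file sudo cannot parse may disrupt sudo
    # for every user on the host.
    if [[ -n "${sudoers_file:-}" && -e "$sudoers_file" ]]; then
      rm -f -- "$sudoers_file"
      print_error "Removed sudoers file that failed validation: $sudoers_file"
    fi
    exit 1
  fi

  print_header "Success! 🎉"
  echo ""
  echo "✅ Clean working sudoers configuration"
  echo ""
  echo "🚀 You can now use:"
  printf '%s\n' \
    " sudo systemctl status aitbc-coordinator-api.service" \
    " sudo chown -R oib:aitbc /opt/aitbc" \
    " sudo lsof -i :8000 (with arguments after the command)" \
    " sudo netstat -tlnp | grep :8000 (pipe works in terminal)" \
    " /opt/aitbc/scripts/fix-permissions.sh (for complex ops)"
}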
main "$@"