From a7294dfb09abb43ec00e2502663e7646e0880cbf Mon Sep 17 00:00:00 2001
From: thespad
Date: Sun, 11 May 2025 14:36:04 +0100
Subject: [PATCH] Don't try and enable sudo if ro/non-root even if set
---
 README.md | 4 +--
 readme-vars.yml | 4 +--
 .../s6-overlay/s6-rc.d/init-code-server/run | 26 ++++++++++---------
 3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index c8d70c6..7b827df 100644
--- a/README.md
+++ b/README.md
@@ -85,7 +85,7 @@ This image can be run with a read-only container filesystem. For details please
 ### Caveats
 * `/tmp` must be mounted to tmpfs
-* sudo will not be available
+* `sudo` will not be available
 ## Non-Root Operation
@@ -93,7 +93,7 @@ This image can be run with a non-root user. For details please [read the docs](h
 ### Caveats
-* sudo will not be available
+* `sudo` will not be available
 ## Usage
diff --git a/readme-vars.yml b/readme-vars.yml
index f2722d7..200785b 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -39,10 +39,10 @@ opt_param_env_vars:
 readonly_supported: true
 readonly_message: |
 * `/tmp` must be mounted to tmpfs
- * sudo will not be available
+ * `sudo` will not be available
 nonroot_supported: true
 nonroot_message: |
- * sudo will not be available
+ * `sudo` will not be available
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
diff --git a/root/etc/s6-overlay/s6-rc.d/init-code-server/run b/root/etc/s6-overlay/s6-rc.d/init-code-server/run
index 0dfd55c..8b42ed0 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-code-server/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-code-server/run
@@ -3,18 +3,20 @@
 mkdir -p /config/{extensions,data,workspace,.ssh}
-if [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
- echo "setting up sudo access"
- if ! grep -q 'abc' /etc/sudoers; then
- echo "adding abc to sudoers"
- echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
- fi
- if [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
- echo "setting sudo password using sudo password hash"
- sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
- else
- echo "setting sudo password using SUDO_PASSWORD env var"
- echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+if [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ -z ${LSIO_READ_ONLY_FS} ]]; then
+ if [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
+ echo "setting up sudo access"
+ if ! grep -q 'abc' /etc/sudoers; then
+ echo "adding abc to sudoers"
+ echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
+ fi
+ if [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
+ echo "setting sudo password using sudo password hash"
+ sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
+ else
+ echo "setting sudo password using SUDO_PASSWORD env var"
+ echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+ fi
 fi
 fi
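Review bot: The new outer guard skips sudo setup silently, so an operator who sets `SUDO_PASSWORD` or `SUDO_PASSWORD_HASH` on a read-only or non-root container gets no log line saying the request was ignored. Adding a branch to the outer `if` such as `elif [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then` followed by `echo "sudo is not available in read-only or non-root mode, ignoring sudo password settings"` would make the skipped configuration visible in the container log. In the re-indented body, `echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc` still expands backslash sequences inside the password, so a value containing `\n` or `\t` is not set as typed; `printf '%s\n%s\n' "${SUDO_PASSWORD}" "${SUDO_PASSWORD}" | passwd abc` avoids that. The `grep -q 'abc' /etc/sudoers` test is also unanchored and succeeds on any line that merely contains `abc`, which would skip adding the rule; `grep -q '^abc[[:space:]]' /etc/sudoers` is tighter.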