Don't try and enable sudo if ro/non-root even if set

2025-06-26 18:27:40 +00:00 · 2025-05-11 14:36:04 +01:00
parent a7e2b20ca2
commit a7294dfb09
3 changed files with 18 additions and 16 deletions
--- a/root/etc/s6-overlay/s6-rc.d/init-code-server/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-code-server/run
@@ -3,18 +3,20 @@

 mkdir -p /config/{extensions,data,workspace,.ssh}

-if [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
-    echo "setting up sudo access"
-    if ! grep -q 'abc' /etc/sudoers; then
-        echo "adding abc to sudoers"
-        echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
-    fi
-    if [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
-        echo "setting sudo password using sudo password hash"
-        sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
-    else
-        echo "setting sudo password using SUDO_PASSWORD env var"
-        echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+if [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ -z ${LSIO_READ_ONLY_FS} ]]; then
+    if [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
+        echo "setting up sudo access"
+        if ! grep -q 'abc' /etc/sudoers; then
+            echo "adding abc to sudoers"
+            echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
+        fi
+        if [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
+            echo "setting sudo password using sudo password hash"
+            sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
+        else
+            echo "setting sudo password using SUDO_PASSWORD env var"
+            echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+        fi
    fi
 fi