FHEM/fhem-mirror
2
0
Fork 0
mirror of https://github.com/fhem/fhem-mirror.git synced 2025-03-10 09:16:53 +00:00
Code Issues Releases Wiki Activity

42_npmjs: more strict sudo permissions

Browse Source 
git-svn-id: https://svn.fhem.de/fhem/trunk@18640 2b470e98-0d58-463d-a4d8-8e2adae1ed80
This commit is contained in:
jpawlowski 2019-02-19 13:47:06 +00:00
parent 69a278e9be
commit 75b5ec85f6
1 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
fhem/FHEM/42_npmjs.pm
View File

@ -788,15 +788,16 @@ sub ExecuteNpmCommand($) {
else { else {
$npm->{npminstall} = $npm->{npminstall} =
$cmdPrefix $cmdPrefix
. 'echo n | sudo -n -E sh -c "npm install -g --json --silent --unsafe-perm %PACKAGES% 2>/dev/null" 2>&1' . 'echo n | sh -c "sudo -n npm install -g --json --silent --unsafe-perm %PACKAGES%" 2>&1'
. $cmdSuffix; . $cmdSuffix;
$npm->{npmuninstall} = $npm->{npmuninstall} =
$cmdPrefix $cmdPrefix
. 'echo n | sudo -n -E sh -c "npm uninstall -g --json --silent %PACKAGES% 2>/dev/null" 2>&1' . 'echo n | sh -c "sudo -n npm uninstall -g --json --silent %PACKAGES%" 2>&1'
. $cmdSuffix; . $cmdSuffix;
$npm->{npmupdate} = $npm->{npmupdate} = $cmdPrefix
$cmdPrefix
. 'echo n | sudo -n -E sh -c "npm update -g --json --silent --unsafe-perm %PACKAGES% 2>/dev/null" 2>&1' # . 'echo n | sudo -n -E sh -c "npm update -g --json --silent --unsafe-perm %PACKAGES% 2>/dev/null" 2>&1'
. 'echo n | sh -c "sudo -n npm update -g --json --silent --unsafe-perm %PACKAGES%" 2>&1'
. $cmdSuffix; . $cmdSuffix;
$npm->{npmoutdated} = $npm->{npmoutdated} =
$cmdPrefix $cmdPrefix
@ -1009,10 +1010,13 @@ sub RetrieveNpmOutput($$) {
elsif ( $o =~ m/^sudo: /i ) { elsif ( $o =~ m/^sudo: /i ) {
$h->{error}{code} = "E403"; $h->{error}{code} = "E403";
$h->{error}{summary} = $h->{error}{summary} =
"Forbidden - " "Forbidden - " . "passwordless sudo permissions required";
. "passwordless sudo permissions required " $h->{error}{detail} =
. "(fhem ALL=NOPASSWD: ALL)"; $o . "\n\n"
$h->{error}{detail} = $o; . "You may add the following lines to /etc/sudoers.d/fhem:\n"
. " fhem ALL=NOPASSWD: /usr/bin/npm update *\n"
. " fhem ALL=NOPASSWD: /usr/bin/npm install *\n"
. " fhem ALL=NOPASSWD: /usr/bin/npm uninstall *";
} }
elsif ( $o =~ elsif ( $o =~
m/(?:(\w+?): )?(?:(\w+? \d+): )?(\w+?): [^:]*?not.found$/i m/(?:(\w+?): )?(?:(\w+? \d+): )?(\w+?): [^:]*?not.found$/i
@ -1385,7 +1389,11 @@ sub ToDay() {
This module allows to install, uninstall and update outdated Node.js packages using NPM package manager.<br> This module allows to install, uninstall and update outdated Node.js packages using NPM package manager.<br>
Global installations will be controlled by default and running update/install/uninstall require sudo permissions like this:<br> Global installations will be controlled by default and running update/install/uninstall require sudo permissions like this:<br>
<br> <br>
<code>fhem ALL=NOPASSWD: ALL</code><br> <code>
fhem ALL=NOPASSWD: /usr/bin/npm update *<br>
fhem ALL=NOPASSWD: /usr/bin/npm install *<br>
fhem ALL=NOPASSWD: /usr/bin/npm uninstall *
</code><br>
<br> <br>
This line may easily be added to a new file in /etc/sudoers.d/fhem and will automatically included to /etc/sudoers from there.<br> This line may easily be added to a new file in /etc/sudoers.d/fhem and will automatically included to /etc/sudoers from there.<br>
More restricted sudo settings are currently not supported.<br> More restricted sudo settings are currently not supported.<br>
@ -1575,7 +1583,7 @@ sub ToDay() {
"node", "node",
"npm" "npm"
], ],
"version": "v0.10.3", "version": "v0.10.4",
"release_status": "stable", "release_status": "stable",
"author": [ "author": [
"Julian Pawlowski <julian.pawlowski@gmail.com>" "Julian Pawlowski <julian.pawlowski@gmail.com>"