[Feature Request] Ensure Default-User Has Appropriate Sudoers Mapping

Question

[Feature Request] Ensure Default-User Has Appropriate Sudoers Mapping

ferricoxide opened this issue 2 years ago · 0 comments

Is your feature request related to a problem? Please describe.

With the merging of fixes for #120 via PR #121, sudo behavior for the default-user becomes sub-optimal: users currently have to specifically request an SELinux role and type to get a useful permissions-set when elevating privileges. Casual sudo users won't understand the need for this and will complain about permission-errors when elevating privileges.

Describe the solution you'd like

Ensure that the default-user's sudoers mapping contains an appropriate privilege-elevation rights-mapping. Something like:

TYPE=sysadm_t ROLE=sysadm_r

Or (less optimally):

TYPE=unconfined_t ROLE=unconfined_r

Added to the cloud.cfg stanza for the default-user is recommended.

Describe alternatives you've considered

Additional context