feat: Use existing sudo user instead of creating new nasadmin user

- Modify setup.sh to automatically detect and use SUDO_USER
- Pre-fill admin username with current sudo user
- Only create new user if specified user doesn't exist
- Update README.md to document user management changes
- Update CHANGELOG.md with user management improvements
- Remove unnecessary NEW_USER default creation
This commit is contained in:
Mărcziem ™
2025-10-03 13:15:51 +02:00
parent 5a0a2401ce
commit 21781166ea
3 changed files with 18 additions and 9 deletions


@@ -40,10 +40,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- I/O scheduler path validation with automatic disk detection - I/O scheduler path validation with automatic disk detection
- Optional unattended-upgrades (disabled by default for user control) - Optional unattended-upgrades (disabled by default for user control)
- **Enhanced Security Documentation** - **User Management Overhaul**
- New SECURITY.md with comprehensive security policy - Script now uses existing sudo user instead of creating new "nasadmin" user
- Updated security features documentation - Automatic detection of SUDO_USER environment variable
- Container security considerations and warnings - Interactive user creation only when specified user doesn't exist
- Simplified user management workflow
- **Code Quality Improvements** - **Code Quality Improvements**
- New CODE_OF_CONDUCT.md for community guidelines - New CODE_OF_CONDUCT.md for community guidelines
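
Review bot: The "Enhanced Security Documentation" entry and its three bullets (SECURITY.md, updated security features documentation, container security warnings) are overwritten by the new "User Management Overhaul" entry rather than kept beside it, so the changelog no longer records that work. Unless those changes were reverted, add the user management entry as a new block and leave the existing entry in place.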


@@ -154,10 +154,8 @@ The script guides you through an interactive configuration:
- **Webmin:** Web-based system administration interface (optional) - **Webmin:** Web-based system administration interface (optional)
- **Unattended Upgrades:** Automatic security updates (optional, disabled by default) - **Unattended Upgrades:** Automatic security updates (optional, disabled by default)
### Security Configuration ### User Configuration
- **Firewall Rules:** IPv4/IPv6 automatic based on selected services - **Admin User:** Uses the current sudo user by default (no new user creation required)
- **Fail2ban:** Protection against brute-force attacks
- **Rate Limiting:** IPv4/IPv6 protection against DoS attacks
- **SSH Keys:** Ed25519 key generation for enhanced security - **SSH Keys:** Ed25519 key generation for enhanced security
## 📁 Directory Structure ## 📁 Directory Structure
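
Review bot: Renaming "### Security Configuration" to "### User Configuration" also drops the "Firewall Rules", "Fail2ban" and "Rate Limiting" bullets, which the commit message does not mention and which leaves those protections undocumented in this section. If the script still configures them, keep the Security Configuration section and add User Configuration as a separate one. The "SSH Keys" bullet should stay under the security heading unless the keys are generated specifically for the admin user.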


@@ -311,7 +311,17 @@ create_interactive_config() {
save_config "SSH_PORT" "$ssh_port" save_config "SSH_PORT" "$ssh_port"
# User configuration # User configuration
local username=$(ask_input "Admin username" "$NEW_USER" "validate_username") local current_user
if [[ -n "${SUDO_USER:-}" ]]; then
current_user="$SUDO_USER"
log_info "Using current sudo user: $current_user"
else
current_user="$USER"
log_info "Using current user: $current_user"
fi
# Pre-fill with current user, but allow override
local username=$(ask_input "Admin username" "$current_user" "validate_username")
save_config "ADMIN_USER" "$username" save_config "ADMIN_USER" "$username"
# Ensure the configured admin user exists (offer interactive creation) # Ensure the configured admin user exists (offer interactive creation)
ensure_user_exists_interactive "$username" || log_warning "Admin user '$username' not created; some features may require it." ensure_user_exists_interactive "$username" || log_warning "Admin user '$username' not created; some features may require it."
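
Review bot: The else branch `current_user="$USER"` has no guard: when the script is started from a root shell rather than through sudo, the prompt is pre-filled with root, and accepting the default saves root as ADMIN_USER unless validate_username rejects it. Unlike `${SUDO_USER:-}`, the bare `$USER` expansion also aborts under `set -u` when the variable is unset. Consider `${USER:-$(id -un)}` and either refusing root or leaving the default empty in that case. Separately, `local username=$(ask_input ...)` masks a failing exit status from ask_input; declare and assign on separate lines, as is already done for current_user.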