From 5cfaba763840eb2d8b1088300d13e98b21aa02c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Wed, 20 Nov 2013 15:40:29 +0100
Subject: [PATCH] add sudoers file, ensuring no users are sudoers with no or default passwd
---
 create_user.sh | 7 ++++---
 fs/etc/sudoers | 30 ++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 fs/etc/sudoers
diff --git a/create_user.sh b/create_user.sh
index 31f5f94..80af644 100755
--- a/create_user.sh
+++ b/create_user.sh
@@ -2,8 +2,9 @@ useradd -m kitten
-echo "Cmnd_Alias GROOMER_CMDS = /home/kitten/kitten_mount_src, \
- /home/kitten/kitten_mount_dst, /home/kitten/kitten_umount" >> /etc/sudoers
-echo "kitten ALL=(ALL) NOPASSWD: GROOMER_CMDS" >> /etc/sudoers
+# Useless: the sudoer file comes from the repository
+#echo "Cmnd_Alias GROOMER_CMDS = /home/kitten/kitten_mount_src, \
+# /home/kitten/kitten_mount_dst, /home/kitten/kitten_umount" >> /etc/sudoers
+#echo "kitten ALL=(ALL) NOPASSWD: GROOMER_CMDS" >> /etc/sudoers
 # /!\ REMOVE SUDO RIGHTS TO USER pi
diff --git a/fs/etc/sudoers b/fs/etc/sudoers
new file mode 100644
index 0000000..c217a94
--- /dev/null
+++ b/fs/etc/sudoers
@@ -0,0 +1,30 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults env_reset
+Defaults mail_badpass
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+#root ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+#%sudo ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+#pi ALL=(ALL) NOPASSWD: ALL
+Cmnd_Alias GROOMER_CMDS = /home/kitten/kitten_mount_src, /home/kitten/kitten_mount_dst, /home/kitten/kitten_umount
+kitten ALL = NOPASSWD: GROOMER_CMDS
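Review bot: The `GROOMER_CMDS` alias on the last two lines grants passwordless root on three scripts under `/home/kitten`, a directory that `useradd -m kitten` in create_user.sh makes kitten-owned, so kitten can replace those files and the rule amounts to unrestricted root rather than three fixed commands. Install the scripts root-owned and non-writable in a directory kitten cannot modify and point the alias there, e.g. `Cmnd_Alias GROOMER_CMDS = <ROOT_OWNED_DIR>/kitten_mount_src "", <ROOT_OWNED_DIR>/kitten_mount_dst "", <ROOT_OWNED_DIR>/kitten_umount ""` (the `""` refuses arguments, if the scripts take none). Also, `#includedir /etc/sudoers.d` is a live directive in sudoers syntax, not a comment, so any drop-in left in that directory still grants rights; if the intent is that only kitten has sudo, remove the line or add a comment such as `# NOTE: "#includedir" is active; /etc/sudoers.d must be empty on the image`. The file is added with mode 100644 and the step that copies it to the image is not visible here; it should be installed as root:root 0440 and checked with `visudo -c -f` first, since some sudo versions refuse a sudoers file with any other mode.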