Index: usr.sbin/bsdinstall/scripts/auto =================================================================== --- usr.sbin/bsdinstall/scripts/auto +++ usr.sbin/bsdinstall/scripts/auto @@ -447,6 +447,43 @@ esac } +check_wheel() { + + WHEEL_MEMBERS=$(chroot $BSDINSTALL_CHROOT pw group show wheel) + if [ "$WHEEL_MEMBERS" = "wheel:*:0:root" ]; then + SSH_ENABLE=$(sysrc -n -f $BSDINSTALL_TMPETC/rc.conf.services sshd_enable) + if [ "$SSH_ENABLE" = "YES" ]; then + exec 3>&1 + WHEEL_QUESTION=$(dialog --backtitle "FreeBSD Installer" \ + --title "Configuration Validation" --no-cancel --menu \ + "You have enabled SSH but not added any users to the wheel group. You will not be able to gain administrative privileges as a regular user if the user is not in the wheel group." 0 0 0 \ + "Add User" "Add a user to the system" \ + "Invite User" "Add an existing user to the wheel group" \ + "Continue Anyway" "No remote root access" 2>&1 1>&3) + exec 3>&- + + f_dprintf "%s: check_wheel: %s" "$0" "$WHEEL_QUESTION" + case "$WHEEL_QUESTION" in + "Add User") + bsdinstall adduser + check_wheel + ;; + "Invite User") + bsdinstall wheelinvite + check_wheel + ;; + "Continue anyway") + ;; + esac + fi + fi +} + +# Remind the user if they forgot to add a user to the wheel group (if SSHd is enabled) +if f_interactive; then + check_wheel +fi + # Allow user to change his mind finalconfig Index: usr.sbin/bsdinstall/scripts/wheelinvite =================================================================== --- /dev/null +++ usr.sbin/bsdinstall/scripts/wheelinvite @@ -0,0 +1,39 @@ +#!/bin/sh +#- +# Copyright (c) 2018 Allan Jude +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +clear +echo "FreeBSD Installer" +echo "========================" +echo +echo -n "User to invite to the wheel group: " +read invite_user +echo +f_dprintf "%s: wheelinvite: %s" "$0" "$invite_user" +if [ -n "$invite_user" ]; then + chroot $BSDINSTALL_CHROOT pw group mod wheel -m $invite_user +fi