From d1368feb28a742b306f506a0571130ce9dd4f0aa Mon Sep 17 00:00:00 2001
From: konsthol <konsthol@konsthol.eu>
Date: Sun, 12 Mar 2023 23:10:54 +0200
Subject: [PATCH] starting the service is always better

---
 secdep.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/secdep.py b/secdep.py
index 1eb1a44..22c6521 100755
--- a/secdep.py
+++ b/secdep.py
@@ -954,14 +954,17 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             SCRIPT = '''#!/usr/bin/env bash
             sudo useradd -G sudo -m secdep
             sudo echo "secdep:secdeppass" | sudo chpasswd
-            sudo echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
             sudo mkdir -p /home/secdep/.ssh
             [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
+            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            sudo chmod 755 /home
+            sudo chown secdep:secdep /home/secdep -R
+            sudo chmod 700 /home/secdep /home/secdep/.ssh
+            sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
             step_1 = SSHKeyDeployment(pubkey)
             step_2 = ScriptDeployment(SCRIPT)
             msd = MultiStepDeployment([step_1, step_2])
@@ -986,14 +989,17 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             SCRIPT = '''#!/usr/bin/env bash
             sudo useradd -G sudo -m secdep
             sudo echo "secdep:secdeppass" | sudo chpasswd
-            sudo echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
             sudo mkdir -p /home/secdep/.ssh
             [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
+            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            sudo chmod 755 /home
+            sudo chown secdep:secdep /home/secdep -R
+            sudo chmod 700 /home/secdep /home/secdep/.ssh
+            sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
             step_1 = SSHKeyDeployment(pubkey)
             step_2 = ScriptDeployment(SCRIPT)
             msd = MultiStepDeployment([step_1, step_2])