Post-install script sudo password

Hey,

I got a small question regarding scripting a post-install script for my own archiso install script. There are some commands I need to run after the system is installed and running with systemd. So I need to run a script that does those things inside the finished install after rebooting from the archiso live environment.

Right now the user has to provide a password for sudo to kick off these things, but I want it to happen without the user doing something.

My only answer to this problem is to edit the sudoers file inside arch-chroot to allow all users of the wheel group to execute sudo without being asked for a password. After my post-install script is done, the sudoers file will be edited to ask for a password again.

So I am running the following command inside the live environment:

arch-chroot /mnt sed -i 's/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/g' /etc/sudoers

And after restarting I am starting my post-install script and at the end there is this:

sudo sed -i 's/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/g' /etc/sudoers

sudo sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/g' /etc/sudoers

This works, but I feel this has some potential to fail and leave the system with a “no password sudo”. I would love to set these things with arch-chroot but it doesn’t work without systemd. I could just run the script and ask for the password, but I would like it to be automated.

Is there a better option to automate all of this?

Run it as a one-shot service which removes itself when done - this way you avoid the permissions issue.

It would then consist of two files:

SAMPLE
A service file /etc/systemd/system/fix-perms.service

[Unit]
Description=Fix installer permissions
After=systemd-logind.service

[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/etc/fix-perms.sh

[Install]
WantedBy=default.target

A script /etc/fix-perms.sh

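#!/bin/bash
# Comment out the passwordless wheel rule again
sed -i 's/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/g' /etc/sudoers
# Re-enable the wheel rule that asks for a password
sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/g' /etc/sudoers
# Disable the service and remove both files so this runs only once
systemctl disable fix-perms.service
rm -f /etc/systemd/system/fix-perms.service
rm -f /etc/fix-perms.sh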

Well, this sounds like a really good idea. Thanks!

Instead of using the systemd unit to change sudo permissions, just have the systemd unit run the commands you need run as root.

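The approach in the reply above, as an added example that is not code from any poster in this thread: the installer stages a first-boot oneshot unit that runs the post-install commands as root, so `/etc/sudoers` is never opened up with `NOPASSWD`. The unit name, the script path and the `install_firstboot` function are hypothetical.

```shell
#!/bin/sh
# Added example. The unit and script names are hypothetical.
UNIT=postinstall-firstboot.service
SCRIPT=/usr/local/sbin/postinstall-firstboot.sh

# install_firstboot ROOT TASKS_FILE
#   ROOT:       mounted target system, e.g. /mnt in the live environment
#   TASKS_FILE: shell commands that must run as root on the first boot
install_firstboot() {
    root=$1
    tasks=$2
    unit_dir=$root/etc/systemd/system
    mkdir -p "$unit_dir/multi-user.target.wants" "$root${SCRIPT%/*}"

    # Wrapper script: with 'set -eu' a failing task aborts before the
    # cleanup lines, so the unit stays enabled and retries on next boot.
    {
        printf '%s\n' '#!/bin/sh' 'set -eu'
        cat "$tasks"
        printf '%s\n' "systemctl disable $UNIT" \
            "rm -f /etc/systemd/system/$UNIT $SCRIPT"
    } > "$root$SCRIPT"
    chmod 0700 "$root$SCRIPT"   # owner-only; systemd runs it as root

    cat > "$unit_dir/$UNIT" <<EOF
[Unit]
Description=Run post-install tasks once on first boot
ConditionPathExists=$SCRIPT

[Service]
Type=oneshot
ExecStart=$SCRIPT

[Install]
WantedBy=multi-user.target
EOF
    chmod 0644 "$unit_dir/$UNIT"

    # Same effect as 'systemctl enable' for WantedBy=multi-user.target,
    # without needing a running systemd inside the chroot.
    ln -sf "/etc/systemd/system/$UNIT" \
        "$unit_dir/multi-user.target.wants/$UNIT"
}
```

From the live environment this would be called as `install_firstboot /mnt tasks.sh`. Because a failed run is retried on the next boot, the commands in the tasks file should be safe to run more than once.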

Yeah, that’s what I’ll do. Thanks for the help.
