permissions and groups fixes

files/cloud-init/base.sh

@@ -4,18 +4,16 @@ set -eux
 apt-get update -y
 apt-get install sudo -y
 
-getent passwd algo || useradd -m -d /home/algo -s /bin/bash -G sudo -p '!' algo
+getent passwd algo || useradd -m -d /home/algo -s /bin/bash -G adm,netdev -p '!' algo
 
-cat <<EOF >/etc/sudoers.d/10-algo-user
+(umask 337 && echo "algo ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/10-algo-user)
-algo ALL=(ALL) NOPASSWD:ALL
-EOF
 
 cat <<EOF >/etc/ssh/sshd_config
 {{ lookup('template', 'files/cloud-init/sshd_config') }}
 EOF
 
-test -d /home/algo/.ssh || sudo -u algo mkdir -p /home/algo/.ssh/
+test -d /home/algo/.ssh || (umask 077 && sudo -u algo mkdir -p /home/algo/.ssh/)
-echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" | sudo -u algo tee /home/algo/.ssh/authorized_keys
+echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" | (umask 177 && sudo -u algo tee /home/algo/.ssh/authorized_keys)
 
 sudo apt-get remove -y --purge sshguard || true
 systemctl restart sshd.service

files/cloud-init/base.yml

@@ -12,7 +12,7 @@ users:
   - name: algo
     homedir: /home/algo
     sudo: ALL=(ALL) NOPASSWD:ALL
-    groups: sudo
+    groups: adm,netdev
     shell: /bin/bash
     lock_passwd: true
     ssh_authorized_keys: