Add sudoers configuration for homebridge user in Debian Trixie #178
Conversation
Add sudoers configuration file to allow homebridge user to execute shutdown, reboot, and poweroff commands without a password. This fixes the issue introduced in Debian Trixie where sudo group membership alone is no longer sufficient for passwordless sudo access. Co-authored-by: NorthernMan54 <[email protected]>
Changed sudoers rule from ALL=(ALL) to ALL=(root) to restrict command execution to only the root user, following security best practices. Co-authored-by: NorthernMan54 <[email protected]>
Removed unnecessary trailing newline to avoid potential parsing issues. Co-authored-by: NorthernMan54 <[email protected]>
Include both /sbin and /usr/sbin paths for shutdown/reboot/poweroff commands to ensure compatibility across different Debian versions. Co-authored-by: NorthernMan54 <[email protected]>
Added explanatory comments to clarify why both /sbin and /usr/sbin paths are included in the sudoers configuration. Co-authored-by: NorthernMan54 <[email protected]>
|
@copilot - Can we create a simple one liner command for people who have already installed the image to patch there system ? ie wget ....sudo ... |
Created TRIXIE_SUDO_PATCH.md with a simple one-liner command that users can run to patch their existing Homebridge installations without needing to re-flash the image. Co-authored-by: NorthernMan54 <[email protected]>
Created TRIXIE_SUDO_PATCH.md with a one-liner command (commit d6b889e). Users can run: sudo bash -c 'cat > /etc/sudoers.d/010_homebridge-nopasswd << "EOF"
# Allow homebridge user to run shutdown/reboot commands without password
# Both /sbin and /usr/sbin paths are included for compatibility across Debian versions
homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown, /usr/sbin/reboot, /usr/sbin/poweroff
EOF
chmod 0440 /etc/sudoers.d/010_homebridge-nopasswd && visudo -c'This creates the sudoers file, sets correct permissions, and validates the syntax. |
|
@copilot Can we make this easier ie something like this approach - curl -fsSL https://example.com/repo-key.asc | sudo gpg --dearmor -o /etc/apt/keyrings/repository-keyring.gpg |
Updated TRIXIE_SUDO_PATCH.md to include a simpler curl-based one-liner that downloads the sudoers file directly from the GitHub repository, similar to the gpg key installation pattern. Co-authored-by: NorthernMan54 <[email protected]>
... Updated with a simpler curl-based approach (commit f6c54f8): curl -fsSL https://raw.githubusercontent.com/homebridge/homebridge-raspbian-image/latest/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | sudo tee /etc/sudoers.d/010_homebridge-nopasswd > /dev/null && sudo chmod 0440 /etc/sudoers.d/010_homebridge-nopasswd && sudo visudo -cThis downloads the sudoers file directly from GitHub and installs it with proper permissions. |
|
@copilot what does this do |
|
Debian Trixie changed sudo behavior: sudo group membership alone no longer grants passwordless access. Homebridge UI's restart/shutdown functionality fails with
sudo: a password is required.Changes
Created
stage3_homebridge/01-homebridge/files/010_homebridge-nopasswdALL=(root)/sbinand/usr/sbinpaths for cross-version compatibilityModified
stage3_homebridge/01-homebridge/00-run.sh/etc/sudoers.d/with mode 0440Created
TRIXIE_SUDO_PATCH.md# stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown, /usr/sbin/reboot, /usr/sbin/poweroffFor Existing Installations
Users who have already installed the image can apply this fix by running the curl-based one-liner from
TRIXIE_SUDO_PATCH.md:This downloads the sudoers file directly from GitHub, installs it with proper permissions, and validates the syntax.
Original prompt
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.