Index: branches/releng-10/nanobsd/cfg/nanobsd.wleiden =================================================================== --- branches/releng-10/nanobsd/cfg/nanobsd.wleiden (revision 13371) +++ branches/releng-10/nanobsd/cfg/nanobsd.wleiden (revision 13372) @@ -252,4 +252,9 @@ ) +# Customize sudoers files +cust_sudo_rules() { + chroot ${NANO_WORLDDIR} chmod -R 0440 /usr/local/etc/sudoers.d +} + @@ -351,4 +356,5 @@ customize_cmd cust_nano_prune customize_cmd cust_set_root_password +customize_cmd cust_sudo_rules #customize_cmd cust_apply_nanobsd_patches late_customize_cmd late_cust_unset_common_var_and_tmp Index: branches/releng-10/nanobsd/files/usr/local/etc/sudoers.d/portal =================================================================== --- branches/releng-10/nanobsd/files/usr/local/etc/sudoers.d/portal (revision 13372) +++ branches/releng-10/nanobsd/files/usr/local/etc/sudoers.d/portal (revision 13372) @@ -0,0 +1,1 @@ +www ALL=(ALL) NOPASSWD: /sbin/pfctl Index: branches/releng-10/nanobsd/files/usr/local/www/portal/login/index.cgi =================================================================== --- branches/releng-10/nanobsd/files/usr/local/www/portal/login/index.cgi (revision 13371) +++ branches/releng-10/nanobsd/files/usr/local/www/portal/login/index.cgi (revision 13372) @@ -5,5 +5,5 @@ # Rick van der Zwet # -PATH=$PATH:/usr/sbin:/usr/bin:/sbin +PATH=$PATH:/usr/local/bin:/usr/sbin:/usr/bin:/sbin DB=/tmp/authenticated.txt @@ -19,5 +19,5 @@ # Add entry to authorized list -pfctl -q -t wlportal -T add $REMOTE_ADDR +sudo pfctl -q -t wlportal -T add $REMOTE_ADDR # Redirect to proper page Index: branches/releng-10/nanobsd/files/usr/local/www/portal/logout/index.cgi =================================================================== --- branches/releng-10/nanobsd/files/usr/local/www/portal/logout/index.cgi (revision 13371) +++ branches/releng-10/nanobsd/files/usr/local/www/portal/logout/index.cgi (revision 13372) @@ -5,5 +5,5 @@ # Rick van der Zwet # -PATH=$PATH:/usr/sbin:/usr/bin:/sbin +PATH=$PATH:/usr/local/bin:/usr/sbin:/usr/bin:/sbin DB=/tmp/authenticated.txt @@ -11,8 +11,8 @@ # Add entry to authorized list -pfctl -q -t wlportal -T delete $REMOTE_ADDR +sudo pfctl -q -t wlportal -T delete $REMOTE_ADDR # Redirect to proper page -echo 'HTTP 1.0 200 OK' +echo 'Content-Type: text/html' echo 'Refresh: 60; url=/portal/login' echo ''