Disable PAM for sudo in Fedora ci

.github/workflows/package.yml

@@ -277,6 +277,9 @@ jobs:
         options: --volume ${{ github.workspace }}:/work --workdir /work --privileged
         run: |
           set -e
+          echo "::group::Disable PAM for sudo with root and no tty"
+            bin/disable_pam_for_sudo.sh
+          echo "::endgroup::"
           echo "::group::Install system prerequisites"
             bin/install_prerequisites_fedora.sh
           echo "::endgroup::"

.github/workflows/test.yml

@@ -199,6 +199,9 @@ jobs:
         options: --volume ${{ github.workspace }}:/work --workdir /work --privileged --env CARGO_TERM_COLOR=always
         run: |
           set -e
+          echo "::group::Disable PAM for sudo with root and no tty"
+            bin/disable_pam_for_sudo.sh
+          echo "::endgroup::"          
           echo "::group::Install Prerequisites"
             bin/install_prerequisites_fedora.sh
           echo "::endgroup::"

bin/disable_pam_for_sudo.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+echo "----- Disable PAM for sudo -----"
+{
+echo "auth sufficient pam_permit.so"
+echo "account sufficient pam_permit.so"
+echo "session sufficient pam_permit.so"
+} > /etc/pam.d/sudo
+cat /etc/pam.d/sudo
+

bin/environment.sh

@@ -6,6 +6,9 @@ date
 echo "# os"
 uname -a
 
+echo "# user"
+whoami
+
 echo "# python3"
 if command -V python3 ; then
     which python3