How can I get a secure system-wide oh-my-zsh configuration?


Solution 1

Fair warning: this assumes a Debian-style Linux, but this should work on other forms as well. This also assumes you are starting from scratch.

Part 1, the install:

You will need to install zsh system-wide, and not just for one user. (You may have already done this, but I'll include it just to be comprehensive.)

Make sure you have installed zsh, simply: sudo apt-get install zsh

Follow the oh-my-zsh install guide or you can either:

use curl

sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

use wget

sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"

Part 2, Setting up zsh when new users are added:

You will need to make it so that new users default to zsh. In your /etc/adduser.conf file edit the line that says:

DSHELL=/bin/sh

to:

DSHELL=/bin/zsh

You should also change it for the /etc/default/useradd file, change the line:

SHELL=/bin/sh

to:

SHELL=/bin/zsh

Part 3, set your custom theme.

I have a custom theme file (here) that I wanted all users on the system to have. First, you should add the file to your .oh-my-zsh/themes folder:

cp your_custom_style.zsh-theme ~/.oh-my-zsh/themes

Next, edit your .zshrc file in your home directory, change the ZSH_THEME="default" to ZSH_THEME="your_custom_style"

Then, reload your .zshrc file with: . ~/.zshrc

Part 4, setting up new users' home directories.

We need to place whatever files we want the new users to have in the /etc/skel directory, because this is what the system copies when it is creating a new user's home directory. See this sys admin guide for details.

Copy your user's files (you may need to sudo):

cp -r .oh-my-zsh /etc/skel/
cp .zshrc /etc/skel 

Now you will be able to add new users and they will have oh-my-zsh by default with whatever custom theme you want them to have.

If you want to change all other existing users' shells to zsh, I would recommend reading this serverfault question.

Solution 2

Unless I'm misunderstanding, the marked answer from Caleb is just the normal per-user installation steps with adding a .zshrc file to the skel dir and changing the default new-user shell, but it doesn't actually work or really answer the question, because each user still requires the oh-my-zsh dir (each user would still have to clone the oh-my-zsh dir into their own folder), meaning it's not really installed system-wide. It just automatically gives them a zshrc file and changes the default shell to zsh, but without oh-my-zsh in each user folder it will error out.

From what I understand of the question, it's asking how to install oh-my-zsh system-wide, aka have it installed in ONE place and not require manually messing around on each new user/having a git clone of oh-my-zsh in each user dir. Assuming that's the case, here's what I did, based off Arch Linux's AUR package that I normally use; I was looking for the same on a CentOS server, however this can be done on any distro. Credit goes to MarcinWieczorek and the other maintainers; I just adapted the below so you can do the same on non-Arch distros.

If you already have oh-my-zsh installed on root, just skip to Step 3. This isn't distro-specific; it just uses the AUR patch file for zshrc.


Step #1

Install zsh of course


Step #2

Install oh-my-zsh as root as normal (shows wget method, see Caleb's answer for alternative)

sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"

Step #3

Move the install to /usr/share so it is system-wide

# Move the oh-my-zsh files to /usr/share so all users can access them
mv /root/.oh-my-zsh /usr/share/oh-my-zsh
# Move into the dir and copy the zshrc template to zshrc (which will be the default for users)
cd /usr/share/oh-my-zsh/
cp templates/zshrc.zsh-template zshrc
# Nab the patch file from MarcinWieczorek's AUR Package and apply to the zshrc file
wget https://aur.archlinux.org/cgit/aur.git/plain/0001-zshrc.patch\?h\=oh-my-zsh-git -O zshrc.patch && patch -p1 < zshrc.patch

Now oh-my-zsh is installed globally and the user just needs that zshrc file. So NOW is where Caleb's answer comes in, though just do the below, as /etc/adduser.conf is only on Debian whereas the below should be distro-independent.


Step #4

Set it up to be the default on new users

# Create hard link to the zshrc file so it creates an actual independent copy on new users
sudo ln /usr/share/oh-my-zsh/zshrc /etc/skel/.zshrc
# Set default shell for new users to zsh (useradd -D edits the defaults in /etc/default/useradd)
sudo useradd -D -s /bin/zsh

Now that's a true installation of oh-my-zsh with all new users automatically having it applied with the /usr/share/oh-my-zsh/zshrc settings and no other steps needed.

Misc Notes

  • For any pre-existing users with oh-my-zsh:

    cp /usr/share/oh-my-zsh/zshrc ~/.zshrc
    
  • You can set new user OMZ defaults in /usr/share/oh-my-zsh/zshrc
  • Auto Updates are disabled since new users do not have permissions to update the /usr/share/oh-my-zsh files
    • To update oh-my-zsh just cd to /usr/share/oh-my-zsh/ and run 'sudo git pull'
  • The oh-my-zsh cache will be handled per-user within each user dir under ~/.oh-my-zsh-cache/ (automatically created)

Solution 3

If you want a system-wide install of Oh-My-Zsh, a convenient approach that overwrites the fewest files is:

sudo git clone https://github.com/robbyrussell/oh-my-zsh.git /etc/oh-my-zsh
sudo cp /etc/oh-my-zsh/templates/zshrc.zsh-template /etc/skel/.zshrc
sudo mkdir -p /etc/skel/.oh-my-zsh/cache

Edit /etc/skel/.zshrc:

  • Edit the line export ZSH=$HOME/.oh-my-zsh (currently line 5)
  • Change the line to be:
      export ZSH=/etc/oh-my-zsh
      export ZSH_CACHE_DIR=~/.oh-my-zsh/cache

Then edit /etc/default/useradd and change the line SHELL=... to SHELL=/bin/zsh.

That's basically all (of course, git and zsh must be installed already).

To update a pre-existing user: log in as them and cp /etc/skel/.zshrc ~/.zshrc

Update: Please do not edit this. I just rolled back an edit which completely botched it up!

Solution 4

Login as ROOT

Step 1: Install ZSH

# Download and extract ZSH

wget https://github.com/zsh-users/zsh/archive/zsh-5.8.tar.gz -P /tmp/demo/zsh
cd /tmp/demo/zsh
tar -xvzf zsh-*
cd zsh-zsh-5.8

# configure and make

sudo ./Util/preconfig
sudo ./configure
sudo make && sudo make install


# Add ZSH to the list of shells

echo /usr/local/bin/zsh | sudo tee -a /etc/shells

Step 2: Install oh-my-zsh

# If you're running the Oh My Zsh install script as part of an automated install, 
# you can pass the flag --unattended to the install.sh script.
# This will have the effect of not trying to change the default shell, and also won't
# run zsh when the installation has finished.

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended

# Add oh-my-zsh to /usr/share
mv /root/.oh-my-zsh /usr/share
mv /usr/share/.oh-my-zsh /usr/share/oh-my-zsh
mv /root/.zshrc /usr/share/oh-my-zsh
mv /usr/share/oh-my-zsh/.zshrc /usr/share/oh-my-zsh/zshrc

# Modify zshrc to point to /usr/share/oh-my-zsh

sed -i 's|export ZSH="'"$HOME"'/.oh-my-zsh"|export ZSH="\/usr\/share\/oh-my-zsh"|g' /usr/share/oh-my-zsh/zshrc

Step 3: Add Extra (Optional - Look at the bottom for extra features)

Step 4: Create Symbolic link

# Link zshrc into /etc/skel (ln without -s creates a hard link, not a symbolic link)
sudo ln /usr/share/oh-my-zsh/zshrc /etc/skel/.zshrc

Step 5: Add oh-my-zsh for root

# Change shell to ZSH for root
echo "$USER" | chsh -s /usr/local/bin/zsh

Step 6: Add oh-my-zsh for user

# Change user
su - username

# Copy zshrc to $HOME for user
cp /usr/share/oh-my-zsh/zshrc ~/.zshrc

# Change shell to ZSH for user  
echo "$USER" | chsh -s /usr/local/bin/zsh

OR

sudo -i -u username bash << EOF
cp /usr/share/oh-my-zsh/zshrc ~/.zshrc
echo username | chsh -s /usr/local/bin/zsh
EOF

EXTRA:

Change theme to powerlevel10k

git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-/usr/share/oh-my-zsh/custom}/themes/powerlevel10k

sed -i 's/ZSH_THEME="robbyrussell"/ZSH_THEME="powerlevel10k\/powerlevel10k"/g' /usr/share/oh-my-zsh/zshrc

Enable Auto correction

sed -i 's/# ENABLE_CORRECTION="true"/ENABLE_CORRECTION="true"/g' /usr/share/oh-my-zsh/zshrc

Enable Auto suggestions and Syntax highlighting

git clone --depth=1 https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-/usr/share/oh-my-zsh/custom}/plugins/zsh-autosuggestions

git clone --depth=1 https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-/usr/share/oh-my-zsh/custom}/plugins/zsh-syntax-highlighting

# Add ZSH_DISABLE_COMPFIX first: the sed after it rewrites the plugins=(git) line that this one matches
sed -i 's/plugins=(git)/plugins=(git)\nZSH_DISABLE_COMPFIX=true/' /usr/share/oh-my-zsh/zshrc

sed -i 's/plugins=(git)/plugins=(\n  git\n  zsh-autosuggestions\n  zsh-syntax-highlighting\n)/' /usr/share/oh-my-zsh/zshrc

Add nord dircolors

git clone --depth=1 https://github.com/arcticicestudio/nord-dircolors.git /tmp/demo/dircolors

mv /tmp/demo/dircolors/src/dir_colors /usr/share/
cd /usr/share/
mv /usr/share/dir_colors /usr/share/.dir_colors

tee -a /usr/share/oh-my-zsh/zshrc >/dev/null <<'EOF'
test -r "/usr/share/.dir_colors" && eval $(dircolors /usr/share/.dir_colors)
EOF
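
Every answer above ends with each user's shell, root's included, sourcing files from one shared tree (/usr/share/oh-my-zsh or /etc/oh-my-zsh), so that tree must be owned by root and writable by nobody else. The script below is an added example, not part of any answer on this page, that audits and tightens such a tree; the function names are hypothetical, and the tree path and expected owner are parameters.

```shell
#!/bin/sh
# Added example: audit a shared oh-my-zsh tree that every user's zsh sources.
# Assumptions: function names are hypothetical; path and owner are arguments.

# Print every path under $1 that is not owned by $2 (user name or uid,
# default root) or that is writable by group or others.
# Returns 0 when the tree is clean, 1 when findings exist, 2 on bad input.
audit_shared_tree() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Symlinks are skipped in the mode test because their own mode bits
    # carry no meaning; their ownership is still checked.
    findings=$(
        find "$dir" ! -user "$owner" -exec printf 'owner: %s\n' {} \;
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable: %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Bring the tree to the state the audit expects: a single owner and no
# group/other write bits. Changing the owner to another user needs root.
harden_shared_tree() {
    dir=$1
    owner=${2:-root}
    chown -R -h "$owner" "$dir" && chmod -R go-w "$dir"
}

# Typical use as root after an install or a 'git pull' in the shared tree:
#   audit_shared_tree /usr/share/oh-my-zsh || harden_shared_tree /usr/share/oh-my-zsh
```

The audit matters most when ZSH_DISABLE_COMPFIX=true is set, as in Solution 4, because that setting turns off oh-my-zsh's own check for insecure completion directories.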
Author by

toogley

Updated on June 07, 2022

Comments

  • toogley almost 2 years

    I'd like to have a system-wide oh-my-zsh setup, but I'm not sure what would be the "best" approach for this. It is not my intention to ask about personal preferences or the like, I'm just unsure whether the solutions below are:

    • ln my local user configuration somewhere doesn't seem right, because adding an exploit to my local cfg and thereby gaining root permissions would be very easy.

    • Installing oh-my-zsh to /etc would maybe also be a security hole because I simply haven't written it myself.

    • Simply writing my own personal .zshrc would be the last approach I would like to try out because it’s very time-consuming.

    Any recommendations?