No default sudo group anymore needed

Dockerfile

@@ -141,7 +141,7 @@ RUN rm -rf /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/xscreensav
 RUN usermod -s /usr/sbin/nologin root
 
 ## Create worker user (instead of root user)
-RUN useradd -G sudo -d /app -s /bin/bash -u 1001 worker
+RUN useradd -d /app -s /bin/bash -u 1001 worker
 RUN echo "Defaults!/app/setup.sh setenv" >>/etc/sudoers
 # Limit the execute of the following commands of the worker user
 RUN echo "worker ALL=(root) NOPASSWD:/usr/sbin/service ssh start, /usr/sbin/service dbus start, /usr/sbin/service rsyslog start, /app/setup.sh" >>/etc/sudoers

README.md

@@ -71,18 +71,17 @@ _Important:_ By default the user can install new software using `apt` (eg. `sudo
 
 You can either change the environment variables using `-e` flag during `docker run` _or_ by changing just the `environment` section in the `compose.yaml` file.
 
-Docker run example, which disables both APT and sudo group: `docker run --shm-size 2g -it -e ALLOW_APT=no -e ALLOW_SUDO=no -p 2222:22 danger89/xfcevdi_x2go:latest`
+Docker run example with `-e`, which disables APT and require password for `sudo apt`: `docker run --shm-size 2g -it -e ALLOW_APT=no -e ENTER_PASS=yes -p 2222:22 danger89/xfcevdi_x2go:latest`
 
 Available environment variables::
 
-| Env. variable | Type   | Description                                 | Default value         |
-| ------------- | ------ | ------------------------------------------- | --------------------- |
-| `USERNAME`    | string | New username                                | `user`                |
-| `USER_ID`     | string | New User/Group ID                           | `1000`                |
-| `PASS`        | string | Change password for user                    | _auto-generated pass_ |
-| `ALLOW_APT`   | string | User is allowed to use APT commands         | `yes`                 |
-| `ENTER_PASS`  | string | Require to enter password for sudo commands | `no`                  |
-| `ALLOW_SUDO`  | string | Add user to `sudo` group                    | `yes`                 |
+| Env. variable | Type   | Description                                         | Default value         |
+| ------------- | ------ | --------------------------------------------------- | --------------------- |
+| `USERNAME`    | string | New username                                        | `user`                |
+| `USER_ID`     | string | New User/Group ID                                   | `1000`                |
+| `PASS`        | string | Change password for user                            | _auto-generated pass_ |
+| `ALLOW_APT`   | string | User is allowed to use APT commands                 | `yes`                 |
+| `ENTER_PASS`  | string | Require to enter password for specific APT commands | `no`                  |
 
 **NOTE 1:** Since [XFCE VDI v2.0](https://hub.docker.com/r/danger89/xfcevdi_x2go/tags), the new user is _only allowed_ to execute `apt` commands as root user. What can be changed on line 60 & 62 in [setup.sh script](scripts/setup.sh) and build your own Docker image.
 

compose.yaml

@@ -11,7 +11,7 @@ services:
     environment:
       USERNAME: melroy
       PASS: abc
-      # ALLOW_SUDO: 'no'
+      # ENTER_PASS: 'yes'
       # ALLOW_APT: 'no'
     volumes:
       # Make home mount persistent across restarts

scripts/setup.sh

@@ -42,12 +42,6 @@ echo 'pref("datareporting.policy.dataSubmissionEnabled", false);' >>/etc/firefox
 # Empty firstRun URL
 echo 'pref("datareporting.policy.firstRunURL", "");' >>/etc/firefox-esr/firefox-esr.js
 
-## Setting-up access control
-GROUP_LIST="x2gouser"
-if [ "$ALLOW_SUDO" = "yes" ]; then
-  GROUP_LIST="$GROUP_LIST,sudo"
-fi
-
 # Add new user
 useradd -ms /bin/bash -u "$USER_ID" -G "$GROUP_LIST" "$USERNAME"
 echo "$USERNAME:$PASS" | chpasswd