mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
Use tab indents to reduce the chance of problem with <<-
Fix the debian %set section, pp does not set pp_deb_distro
Uncomment %sudo line in sudoers for debian
Uncomment some env_keep lines for RHEL, SLES and debian to more
closely match the vendor sudoers files.
Add /etc/pam.d to %files
Remove the /etc/sudo-ldap.conf symlink on debian for ldap flavor
This commit is contained in:
Todd C. Miller
parent
af0bac430a
commit
8a837375d0
66
sudo.pp
66
sudo.pp
@ -37,6 +37,31 @@ still allow people to get their work done."
|
||||
;;
|
||||
esac
|
||||
|
||||
# Uncomment some Defaults in sudoers.dist
|
||||
# Note that the order must match that of sudoers.
|
||||
case "$pp_rpm_distro" in
|
||||
centos*|rhel*)
|
||||
# Uncomment some Defaults in sudoers.dist, must be tab indented.
|
||||
# Note that the order must match that of sudoers.
|
||||
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers.dist <<-'EOF'
|
||||
/Locale settings/+1,s/^# //
|
||||
/Desktop path settings/+1,s/^# //
|
||||
w
|
||||
q
|
||||
EOF
|
||||
;;
|
||||
sles*)
|
||||
# Uncomment some Defaults in sudoers.dist, must be tab indented.
|
||||
# Note that the order must match that of sudoers.
|
||||
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers.dist <<-'EOF'
|
||||
/Locale settings/+1,s/^# //
|
||||
/ConsoleKit session/+1,s/^# //
|
||||
w
|
||||
q
|
||||
EOF
|
||||
;;
|
||||
esac
|
||||
|
||||
# For RedHat the doc dir is expected to include version and release
|
||||
case "$pp_rpm_distro" in
|
||||
centos*|rhel*)
|
||||
@ -45,7 +70,7 @@ still allow people to get their work done."
|
||||
;;
|
||||
esac
|
||||
|
||||
# Choose the correct PAM file by distro
|
||||
# Choose the correct PAM file by distro, must be tab indented for "<<-"
|
||||
case "$pp_rpm_distro" in
|
||||
centos[0-4].*|rhel[0-4].*)
|
||||
mkdir -p ${pp_destdir}/etc/pam.d
|
||||
@ -98,9 +123,15 @@ still allow people to get their work done."
|
||||
esac
|
||||
|
||||
%set [deb]
|
||||
# Choose the correct PAM file by distro
|
||||
case "$pp_deb_distro" in
|
||||
deb*)
|
||||
# Uncomment some Defaults and the %sudo rule in sudoers.dist
|
||||
# Note that the order must match that of sudoers and be tab-indented.
|
||||
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers.dist <<-'EOF'
|
||||
/Locale settings/+1,s/^# //
|
||||
/X11 resource/+1,s/^# //
|
||||
/^# \%sudo/,s/^# //
|
||||
w
|
||||
q
|
||||
EOF
|
||||
mkdir -p ${pp_destdir}/etc/pam.d
|
||||
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
|
||||
#%PAM-1.0
|
||||
@ -111,8 +142,6 @@ still allow people to get their work done."
|
||||
session required pam_permit.so
|
||||
session required pam_limits.so
|
||||
EOF
|
||||
;;
|
||||
esac
|
||||
|
||||
%set [aix]
|
||||
pp_aix_version=`echo $version | sed -e 's,\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\)q\([0-9][0-9]*\),\1.\2.\3.\4,'`
|
||||
@ -123,13 +152,14 @@ still allow people to get their work done."
|
||||
$bindir/sudoedit 4111 root:
|
||||
$sbindir/visudo 0111
|
||||
$bindir/sudoreplay 0111
|
||||
$includedir/sudo_plugin.h
|
||||
$libexecdir/*
|
||||
$sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
|
||||
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
|
||||
$timedir/ 0700 root:
|
||||
$docdir/
|
||||
$docdir/*
|
||||
$includedir/sudo_plugin.h
|
||||
/etc/pam.d/* volatile,optional
|
||||
|
||||
%files [!aix]
|
||||
$mandir/man*/*
|
||||
@ -139,14 +169,11 @@ still allow people to get their work done."
|
||||
$mandir/cat*/* optional
|
||||
$mandir/man*/* optional
|
||||
|
||||
%files [rpm]
|
||||
/etc/pam.d/* volatile,optional
|
||||
|
||||
%post
|
||||
# Don't overwrite an existing sudoers file
|
||||
sysconfdir=%{sysconfdir}
|
||||
if test ! -r $sysconfdir/sudoers; then
|
||||
cp -p $sysconfdir/sudoers.dist $sysconfdir/sudoers
|
||||
sudoersdir=%{sudoersdir}
|
||||
if test ! -r $sudoersdir/sudoers; then
|
||||
cp -p $sudoersdir/sudoers.dist $sudoersdir/sudoers
|
||||
fi
|
||||
|
||||
%post [deb]
|
||||
@ -156,11 +183,10 @@ still allow people to get their work done."
|
||||
|
||||
# create symlink to ease transition to new path for ldap config
|
||||
# if old config file exists and new one doesn't
|
||||
if test X"%{SUDO_FLAVOR}" = X"ldap"; then
|
||||
if test -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
|
||||
if test X"%{SUDO_FLAVOR}" = X"ldap" -a \
|
||||
-r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
|
||||
ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
|
||||
fi
|
||||
fi
|
||||
|
||||
# Debian uses a sudo group in its default sudoers file
|
||||
perl -e '
|
||||
@ -184,4 +210,10 @@ still allow people to get their work done."
|
||||
exit 0;
|
||||
'
|
||||
|
||||
# vim:ts=2:sw=2:et
|
||||
%preun [deb]
|
||||
# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
|
||||
# it matches what we created in the postinstall script.
|
||||
if test X"%{SUDO_FLAVOR}" = X"ldap" -a \
|
||||
X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
|
||||
rm -f /etc/sudo-ldap.conf
|
||||
fi
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user