mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 15:55:40 +00:00

Replace --with-timedir and --with-lecture_dir with --with-rundir

and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
Todd C. Miller
2014-02-01 05:57:34 -07:00
parent fb29e91ef0
commit aeb5ceead8
8 changed files with 116 additions and 126 deletions

26
INSTALL

@@ -122,24 +122,24 @@ Directory and file names:
--docdir=DIR --docdir=DIR
Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo]
--with-plugindir=PATH --with-plugindir=DIR
Set the directory that sudo looks in to find the policy and I/O Set the directory that sudo looks in to find the policy and I/O
logging plugins. Defaults to the LIBEXEC/sudo. logging plugins. Defaults to the LIBEXEC/sudo.
--with-timedir=PATH --with-rundir=DIR
Use PATH to store the sudo time stamp files. By default, Set the directory to be used for sudo-specific files that
configure will use the first existing directory in the do not survive a system reboot. This is typically where
following list to construct the time stamp directory: the time stamp directory is located. By default, configure
/var/run, /var/db, /var/lib, /var/adm, /usr/adm. will use the first existing directory in the following list:
For example: /var/run/sudo/ts /var/run, /var/db, /var/lib, /var/adm, /usr/adm
This directory should be cleared when the system reboots. This directory should be cleared when the system reboots.
--with-lecture-dir=PATH --with-vardir=DIR
Use PATH to store the sudo time stamp files. By default, Set the directory to be used for sudo-specific files that
configure will use the first existing directory in the survive a system reboot. This is typically where the lecture
following list to construct the lecture status directory: status directory is stored. By default, configure will use
/var/db, /var/lib, /var/adm, /usr/adm. the first existing directory in the following list:
For example: /var/db/sudo/lectured /var/db, /var/lib, /var/adm, /usr/adm
This directory should not be cleared when the system reboots. This directory should not be cleared when the system reboots.
Compilation options: Compilation options:


@@ -33,7 +33,8 @@ localedir = @localedir@
localstatedir = @localstatedir@ localstatedir = @localstatedir@
docdir = @docdir@ docdir = @docdir@
mandir = @mandir@ mandir = @mandir@
timedir = @timedir@ rundir = @rundir@
vardir = @vardir@
# User and group ids the installed files should be "owned" by # User and group ids the installed files should be "owned" by
install_uid = 0 install_uid = 0
@@ -296,7 +297,8 @@ package: sudo.pp
sbindir=$(sbindir) \ sbindir=$(sbindir) \
libexecdir=$(libexecdir) \ libexecdir=$(libexecdir) \
includedir=$(includedir) \ includedir=$(includedir) \
timedir=$(timedir) \ vardir=$(vardir) \
rundir=$(rundir) \
mandir=$(mandir) \ mandir=$(mandir) \
localedir=$(localedir) \ localedir=$(localedir) \
docdir=$(docdir) \ docdir=$(docdir) \

74
configure vendored

@@ -716,8 +716,8 @@ umask_override
sudo_umask sudo_umask
password_timeout password_timeout
timeout timeout
lecture_dir vardir
timedir rundir
iolog_dir iolog_dir
NO_VIZ NO_VIZ
SSP_CFLAGS SSP_CFLAGS
@@ -876,7 +876,8 @@ with_passprompt
with_badpass_message with_badpass_message
with_fqdn with_fqdn
with_timedir with_timedir
with_lecture_dir with_rundir
with_vardir
with_iologdir with_iologdir
with_sendmail with_sendmail
with_sudoers_mode with_sudoers_mode
@@ -1662,8 +1663,9 @@ Optional Packages:
--with-passprompt default password prompt --with-passprompt default password prompt
--with-badpass-message message the user sees when the password is wrong --with-badpass-message message the user sees when the password is wrong
--with-fqdn expect fully qualified hosts in sudoers --with-fqdn expect fully qualified hosts in sudoers
--with-timedir=DIR path to the sudo time stamp dir --with-timedir=DIR deprecated
--with-lecture-dir=DIR path to the sudo lecture status dir --with-rundir=DIR path to the sudo time stamp parent dir
--with-vardir=DIR path to the sudo var dir
--with-iologdir=DIR directory to store sudo I/O log files in --with-iologdir=DIR directory to store sudo I/O log files in
--with-sendmail set path to sendmail --with-sendmail set path to sendmail
--without-sendmail do not send mail at all --without-sendmail do not send mail at all
@@ -2972,8 +2974,8 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
# Begin initial values for man page substitution # Begin initial values for man page substitution
# #
iolog_dir=/var/log/sudo-io iolog_dir=/var/log/sudo-io
timedir=/var/adm/sudo/ts rundir=/var/run/sudo
lecture_dir=/var/adm/sudo/lectured vardir=/var/adm/sudo
timeout=5 timeout=5
password_timeout=5 password_timeout=5
sudo_umask=0022 sudo_umask=0022
@@ -4720,21 +4722,31 @@ fi
# Check whether --with-timedir was given. # Check whether --with-timedir was given.
if test "${with_timedir+set}" = set; then : if test "${with_timedir+set}" = set; then :
withval=$with_timedir; case $with_timedir in withval=$with_timedir; case $with_timedir in
yes) as_fn_error $? "\"must give --with-timedir an argument.\"" "$LINENO" 5 *) as_fn_error $? "\"--without-timedir no longer supported, see --with-rundir.\"" "$LINENO" 5
;;
no) as_fn_error $? "\"--without-timedir not supported.\"" "$LINENO" 5
;; ;;
esac esac
fi fi
# Check whether --with-lecture-dir was given. # Check whether --with-rundir was given.
if test "${with_lecture_dir+set}" = set; then : if test "${with_rundir+set}" = set; then :
withval=$with_lecture_dir; case $with_lecture_dir in withval=$with_rundir; case $with_rundir in
yes) as_fn_error $? "\"must give --with-lecture-dir an argument.\"" "$LINENO" 5 yes) as_fn_error $? "\"must give --with-rundir an argument.\"" "$LINENO" 5
;; ;;
no) as_fn_error $? "\"--without-lecture-dir not supported.\"" "$LINENO" 5 no) as_fn_error $? "\"--without-rundir not supported.\"" "$LINENO" 5
;;
esac
fi
# Check whether --with-vardir was given.
if test "${with_vardir+set}" = set; then :
withval=$with_vardir; case $with_vardir in
yes) as_fn_error $? "\"must give --with-vardirdir an argument.\"" "$LINENO" 5
;;
no) as_fn_error $? "\"--without-vardirdir not supported.\"" "$LINENO" 5
;; ;;
esac esac
fi fi
@@ -21334,39 +21346,39 @@ else
$as_echo "unknown" >&6; } $as_echo "unknown" >&6; }
fi fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for time stamp file location" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sudo run dir location" >&5
$as_echo_n "checking for time stamp file location... " >&6; } $as_echo_n "checking for sudo run dir location... " >&6; }
timedir="$with_timedir" rundir="$with_rundir"
if test -z "$timedir"; then if test -z "$rundir"; then
for d in /var/run /var/db /var/lib /var/adm /usr/adm; do for d in /var/run /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then if test -d "$d"; then
timedir="$d/sudo/ts" rundir="$d/sudo"
break break
fi fi
done done
fi fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $timedir" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $rundir" >&5
$as_echo "$timedir" >&6; } $as_echo "$rundir" >&6; }
cat >>confdefs.h <<EOF cat >>confdefs.h <<EOF
#define _PATH_SUDO_TIMEDIR "$timedir" #define _PATH_SUDO_TIMEDIR "$rundir/ts"
EOF EOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lecture status file location" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sudo var dir location" >&5
$as_echo_n "checking for lecture status file location... " >&6; } $as_echo_n "checking for sudo var dir location... " >&6; }
lecture_dir="$with_lecture_dir" vardir="$with_vardir"
if test -z "$lecture_dir"; then if test -z "$vardir"; then
for d in /var/db /var/lib /var/adm /usr/adm; do for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then if test -d "$d"; then
lecture_dir="$d/sudo/lectured" vardir="$d/sudo"
break break
fi fi
done done
fi fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lecture_dir" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $vardir" >&5
$as_echo "$lecture_dir" >&6; } $as_echo "$vardir" >&6; }
cat >>confdefs.h <<EOF cat >>confdefs.h <<EOF
#define _PATH_SUDO_LECTURE_DIR "$lecture_dir" #define _PATH_SUDO_LECTURE_DIR "$vardir/lectured"
EOF EOF


@@ -90,8 +90,8 @@ dnl
dnl Variables that get substituted in docs (not overridden by environment) dnl Variables that get substituted in docs (not overridden by environment)
dnl dnl
AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR
AC_SUBST([lecture_dir])dnl real initial value from SUDO_LECTURE_DIR AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR
AC_SUBST([timeout]) AC_SUBST([timeout])
AC_SUBST([password_timeout]) AC_SUBST([password_timeout])
AC_SUBST([sudo_umask]) AC_SUBST([sudo_umask])
@@ -133,8 +133,8 @@ AC_SUBST([PLUGINDIR])
# Begin initial values for man page substitution # Begin initial values for man page substitution
# #
iolog_dir=/var/log/sudo-io iolog_dir=/var/log/sudo-io
timedir=/var/adm/sudo/ts rundir=/var/run/sudo
lecture_dir=/var/adm/sudo/lectured vardir=/var/adm/sudo
timeout=5 timeout=5
password_timeout=5 password_timeout=5
sudo_umask=0022 sudo_umask=0022
@@ -781,19 +781,25 @@ else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
fi fi
AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [path to the sudo time stamp dir])], AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])],
[case $with_timedir in [case $with_timedir in
yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) *) AC_MSG_ERROR(["--without-timedir no longer supported, see --with-rundir."])
;;
no) AC_MSG_ERROR(["--without-timedir not supported."])
;; ;;
esac]) esac])
AC_ARG_WITH(lecture-dir, [AS_HELP_STRING([--with-lecture-dir=DIR], [path to the sudo lecture status dir])], AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [path to the sudo time stamp parent dir])],
[case $with_lecture_dir in [case $with_rundir in
yes) AC_MSG_ERROR(["must give --with-lecture-dir an argument."]) yes) AC_MSG_ERROR(["must give --with-rundir an argument."])
;; ;;
no) AC_MSG_ERROR(["--without-lecture-dir not supported."]) no) AC_MSG_ERROR(["--without-rundir not supported."])
;;
esac])
AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [path to the sudo var dir])],
[case $with_vardir in
yes) AC_MSG_ERROR(["must give --with-vardirdir an argument."])
;;
no) AC_MSG_ERROR(["--without-vardirdir not supported."])
;; ;;
esac]) esac])
@@ -1164,7 +1170,7 @@ else
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL)
fi fi
AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir=DIR], [set directory to load plugins from])],
[case $with_plugindir in [case $with_plugindir in
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
;; ;;
@@ -3395,8 +3401,8 @@ if test "$utmp_style" = "LEGACY"; then
SUDO_PATH_UTMP SUDO_PATH_UTMP
fi fi
SUDO_LOGFILE SUDO_LOGFILE
SUDO_TIMEDIR SUDO_RUNDIR
SUDO_LECTURE_DIR SUDO_VARDIR
SUDO_IO_LOGDIR SUDO_IO_LOGDIR
dnl dnl
@@ -3890,42 +3896,7 @@ dnl
AH_TOP([#ifndef _SUDO_CONFIG_H AH_TOP([#ifndef _SUDO_CONFIG_H
#define _SUDO_CONFIG_H]) #define _SUDO_CONFIG_H])
AH_BOTTOM([/* AH_BOTTOM([/* BSD compatibility on some SVR4 systems. */
* Macros to convert ctime and mtime into timevals.
*/
#define timespec2timeval(_ts, _tv) do { \
(_tv)->tv_sec = (_ts)->tv_sec; \
(_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
} while (0)
#ifdef HAVE_ST_MTIM
# ifdef HAVE_ST__TIM
# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
# else
# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
# endif
#else
# ifdef HAVE_ST_MTIMESPEC
# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
# else
# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
# endif /* HAVE_ST_MTIMESPEC */
#endif /* HAVE_ST_MTIM */
#ifdef __GNUC__
# define ignore_result(x) do { \
__typeof__(x) y = (x); \
(void)y; \
} while(0)
#else
# define ignore_result(x) (void)(x)
#endif
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__ #ifdef __svr4__
# define BSD_COMP # define BSD_COMP
#endif /* __svr4__ */ #endif /* __svr4__ */
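Review bot: The error strings in the new `AC_ARG_WITH(vardir, ...)` case name an option that does not exist (`--with-vardirdir`, `--without-vardirdir`); they should read `"must give --with-vardir an argument."` and `"--without-vardir not supported."`. In the deprecated `timedir` case the catch-all `*)` arm reports `--without-timedir no longer supported`, which is also what a builder who passed `--with-timedir=DIR` will see, so `"--with-timedir no longer supported, see --with-rundir."` would match what was typed. The same strings appear in the generated configure script in this commit, so it needs regenerating after the fix. As a hardening point, neither new case rejects a relative DIR even though the value is compiled into `_PATH_SUDO_TIMEDIR` and `_PATH_SUDO_LECTURE_DIR`; an extra case arm that errors out unless the argument starts with `/` would catch a mistyped path at configure time.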


@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd January 29, 2014 .Dd January 31, 2014
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -2656,7 +2656,7 @@ This directory should
.Em not .Em not
be cleared when the system reboots. be cleared when the system reboots.
The default is The default is
.Pa @lecture_dir@ . .Pa @libdir@/lectured .
.It limitprivs .It limitprivs
The default Solaris limit privileges to use when constructing a new The default Solaris limit privileges to use when constructing a new
privilege set for a command. privilege set for a command.
@@ -2838,7 +2838,7 @@ The directory in which
stores its time stamp files. stores its time stamp files.
This directory should be cleared when the system reboots. This directory should be cleared when the system reboots.
The default is The default is
.Pa @timedir@ . .Pa @rundir@/ts .
.It timestampowner .It timestampowner
The owner of the lecture status directory, time stamp directory and the The owner of the lecture status directory, time stamp directory and the
time stamps stored therein. time stamps stored therein.
@@ -3439,15 +3439,12 @@ file) to the
line in the line in the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
file. file.
.It unable to open @timedir@/username/ttyname .It unable to open @rundir@/ts/username
.Em sudoers .Em sudoers
was unable to read or create the user's time stamp file. was unable to read or create the user's time stamp file.
.It unable to write to @timedir@/username/ttyname .It unable to write to @rundir@/ts/username
.Em sudoers .Em sudoers
was unable to write to the user's time stamp file. was unable to write to the user's time stamp file.
.It unable to mkdir to @timedir@/username
.Em sudoers
was unable to create the user's time stamp directory.
.El .El
.Ss Notes on logging via syslog .Ss Notes on logging via syslog
By default, By default,
@@ -3526,10 +3523,14 @@ Local groups file
List of network groups List of network groups
.It Pa @iolog_dir@ .It Pa @iolog_dir@
I/O log files I/O log files
.It Pa @timedir@ .It Pa @rundir@/ts
Directory containing time stamps for the Directory containing time stamps for the
.Em sudoers .Em sudoers
security policy security policy
.It Pa @libdir@/lectured
Directory containing lecture status files for the
.Em sudoers
security policy
.It Pa /etc/environment .It Pa /etc/environment
Initial environment for Initial environment for
.Fl i .Fl i
@@ -4092,7 +4093,7 @@ will be updated with the contents of the temporary copy.
.Em sudoers .Em sudoers
will check the ownership of its time stamp directory will check the ownership of its time stamp directory
.Po .Po
.Pa @timedir@ .Pa @rundir@/ts
by default by default
.Pc .Pc
and ignore the directory's contents if it is not owned by root or and ignore the directory's contents if it is not owned by root or


@@ -119,37 +119,37 @@ fi
])dnl ])dnl
dnl dnl
dnl Where the timestamp files go. dnl Parent directory for time stamp dir.
dnl dnl
AC_DEFUN([SUDO_TIMEDIR], [AC_MSG_CHECKING(for time stamp file location) AC_DEFUN([SUDO_RUNDIR], [AC_MSG_CHECKING(for sudo run dir location)
timedir="$with_timedir" rundir="$with_rundir"
if test -z "$timedir"; then if test -z "$rundir"; then
for d in /var/run /var/db /var/lib /var/adm /usr/adm; do for d in /var/run /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then if test -d "$d"; then
timedir="$d/sudo/ts" rundir="$d/sudo"
break break
fi fi
done done
fi fi
AC_MSG_RESULT([$timedir]) AC_MSG_RESULT([$rundir])
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$timedir") SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$rundir/ts")
])dnl ])dnl
dnl dnl
dnl Where the lecture status files go. dnl Parent directory for the lecture status dir.
dnl dnl
AC_DEFUN([SUDO_LECTURE_DIR], [AC_MSG_CHECKING(for lecture status file location) AC_DEFUN([SUDO_VARDIR], [AC_MSG_CHECKING(for sudo var dir location)
lecture_dir="$with_lecture_dir" vardir="$with_vardir"
if test -z "$lecture_dir"; then if test -z "$vardir"; then
for d in /var/db /var/lib /var/adm /usr/adm; do for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then if test -d "$d"; then
lecture_dir="$d/sudo/lectured" vardir="$d/sudo"
break break
fi fi
done done
fi fi
AC_MSG_RESULT([$lecture_dir]) AC_MSG_RESULT([$vardir])
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LECTURE_DIR, "$lecture_dir") SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LECTURE_DIR, "$vardir/lectured")
])dnl ])dnl
dnl dnl
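Review bot: `_PATH_SUDO_LECTURE_DIR` is now defined as `"$vardir/lectured"`, but the manual-page section of this same commit documents the default lecture directory as `@libdir@/lectured`; the manual should substitute `@vardir@/lectured` so the documented path matches the compiled-in one. SUDO_RUNDIR also deserves a `dnl` comment on its fallback: when `/var/run` is absent the loop continues to `/var/db`, `/var/lib` and so on, which are the same candidates SUDO_VARDIR uses, so `rundir` and `vardir` can resolve to one persistent directory and time stamps would then survive a reboot. Suggested wording: `dnl NOTE: if /var/run is missing, rundir falls back to a persistent dir and time stamps are no longer cleared at boot.`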


@@ -31,8 +31,9 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@ top_srcdir = @top_srcdir@
incdir = $(top_srcdir)/include incdir = $(top_srcdir)/include
docdir = @docdir@ docdir = @docdir@
timedir = @timedir@
libdir = @libdir@ libdir = @libdir@
rundir = @rundir@
vardir = @vardir@
cross_compiling = @CROSS_COMPILING@ cross_compiling = @CROSS_COMPILING@
# Compiler & tools to use # Compiler & tools to use
@@ -288,8 +289,10 @@ install-dirs:
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \
$(DESTDIR)$(visudodir) $(DESTDIR)$(replaydir) \ $(DESTDIR)$(visudodir) $(DESTDIR)$(replaydir) \
$(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
`echo $(DESTDIR)$(timedir)|sed 's,/[^/]*$$,,'` `echo $(DESTDIR)$(rundir)|sed 's,/[^/]*$$,,'` \
$(INSTALL) -d -O $(install_uid) -G $(install_gid) -m 0700 $(DESTDIR)$(timedir) `echo $(DESTDIR)$(vardir)|sed 's,/[^/]*$$,,'`
$(INSTALL) -d -O $(install_uid) -G $(install_gid) -m 0711 $(DESTDIR)$(rundir)
$(INSTALL) -d -O $(install_uid) -G $(install_gid) -m 0711 $(DESTDIR)$(vardir)
install-binaries: visudo sudoreplay install-dirs install-binaries: visudo sudoreplay install-dirs
$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 0755 sudoreplay $(DESTDIR)$(replaydir)/sudoreplay $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 0755 sudoreplay $(DESTDIR)$(replaydir)/sudoreplay
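Review bot: The change from `-m 0700` to `-m 0711` on the two `$(INSTALL) -d` lines in install-dirs carries no comment explaining why these root-owned directories are opened up, so a later reader could either tighten them back and break timestampowner or loosen them further. Per the commit message the parents only need to be searchable by non-root, so a line such as `# 0711: search-only for non-root so timestampowner can reach ts/ and lectured/; never listable or writable` above them would record the intent. With the parent no longer 0700, access to the time stamp and lecture files rests on the modes of the `ts` and `lectured` subdirectories, which this rule does not create; presumably sudoers creates them at run time, and that path is worth confirming as owner-only. The install-dirs recipe starts above the hunk.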


@@ -225,7 +225,7 @@ still allow people to get their work done."
# OS-level directories that should generally exist but might not. # OS-level directories that should generally exist but might not.
extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"` extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
extradirs="$extradirs `dirname $docdir` `dirname $timedir`" extradirs="$extradirs `dirname $docdir` `dirname $rundir` `dirname $vardir`"
test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir" test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir"
test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d" test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
@@ -266,7 +266,8 @@ still allow people to get their work done."
$libexecdir/sudo/sesh 0755 optional,ignore-others $libexecdir/sudo/sesh 0755 optional,ignore-others
$libexecdir/sudo/* $shlib_mode optional $libexecdir/sudo/* $shlib_mode optional
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
$timedir/ 0700 root: $rundir/ 0711 root:
$vardir/ 0711 root:
$docdir/ 0755 $docdir/ 0755
$docdir/sudoers2ldif 0755 optional,ignore-others $docdir/sudoers2ldif 0755 optional,ignore-others
%if [deb] %if [deb]