[debian/sudo] / debian / sudo-ldap.postinst

#!/usr/bin/perl

# remove old link

unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");

# complain if no sudoers file is present
if ( ! -f "/etc/sudoers") {
        print "WARNING:  /etc/sudoers not present!\n";
}

# handle state directory transition from /var/run/sudo to /var/lib/sudo,
# moving any existing content over to avoid re-lecturing existing users
if ( -d "/var/run/sudo") {
    system ('mkdir -p /var/lib/sudo');
    system ('(cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -)');
    system ('rm -rf /var/run/sudo');
}

# make sure sudoers has the correct permissions and owner/group
system ('chown root:root /etc/sudoers');
system ('chmod 440 /etc/sudoers');

# must do a remove first to un-do the "bad" links created by previous version
system ('update-rc.d -f sudo remove >/dev/null 2>&1');

system ('update-rc.d sudo start 75 2 3 4 5 . >/dev/null');

# create symlink to ease transition to new path for ldap config
# if old config file exists and new one doesn't
if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") {
  system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf");
}

# make sure we have a sudo group

exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo

$gid = 27;                 # start searcg with gid 27
setgrent;
while (getgrgid($gid)) {
        ++$gid;
}
endgrent;

if ($gid != 27) {
        print "On Debian we normally use gid 27 for 'sudo'.\n";
        $gname = getgrgid(27);
        print "However, on your system gid 27 is group '$gname'.\n\n";
        print "Would you like me to stop configuring sudo so that you can change this? [n] "; 
        $ans = <STDIN>;
        if ($ans =~ m/^[yY].*/) {
                print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
                exit 1;
        }
}

print "Creating group 'sudo' with gid = $gid\n";
system("groupadd -g $gid sudo");

print "";