# Package identity and metadata consumed by the packaging back ends
# (the pp_rpm_*, pp_deb_*, pp_sd_* and pp_solaris_* variables are all set here).
# When $flavor is non-empty the kit name becomes sudo_$flavor.
# NOTE(review): the first summary string spells "privileges" as "priveleges";
# it is left untouched here because it is emitted as package metadata.
# NOTE(review): pp_rpm_url is a plain http:// address; in the lines shown it is
# metadata only, nothing here fetches from it.
2 if test -n "$flavor"; then
4 pp_kit_package="sudo_$flavor"
9 summary="Provide limited super-user priveleges to specific users"
10 description="Sudo is a program designed to allow a sysadmin to give \
11 limited root privileges to users and log root activity. \
12 The basic philosophy is to give as few privileges as possible but \
13 still allow people to get their work done."
14 vendor="Todd C. Miller"
15 copyright="(c) 1993-1996,1998-2010 Todd C. Miller"
18 pp_rpm_url="http://www.sudo.ws/"
19 pp_rpm_group="Applications/System"
20 pp_rpm_packager="Todd.Miller@courtesan.com"
21 pp_deb_maintainer="Todd.Miller@courtesan.com"
22 pp_sd_vendor_tag="TCM"
24 pp_solaris_name="TCM${name}"
26 # For all but RPM and Debian we need to install sudoers with a different
27 # name and make a copy of it if there is no existing file.
# The staged file is renamed inside the build root (pp_destdir), so the package
# ships sudoers.dist rather than sudoers.
# NOTE(review): the expansions are unquoted; a pp_destdir or sudoersdir value
# containing whitespace or glob characters would be word-split. Quoting both
# arguments would make the rename robust.
28 mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
32 # Add distro info to release
# osrelease is derived from pp_rpm_distro: the first sed expression drops any
# leading non-digit characters, the second drops everything from the first
# hyphen onward.
# In the .el suffix, ${osrelease%%[0-9]} removes exactly one trailing digit
# (constructed example: 50 becomes 5); the .sles suffix uses osrelease as is.
# NOTE(review): if pp_rpm_distro contains no digits, osrelease is empty and the
# suffix is just ".el" or ".sles"; the case patterns that guard these arms are
# not visible in this excerpt.
33 osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
34 case "$pp_rpm_distro" in
36 pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
39 pp_rpm_release="$pp_rpm_release.sles$osrelease"
# Each ed script below edits the staged sudoers in place: every command searches
# forward for a marker comment, moves the stated number of lines past it and
# strips a leading "# " from that line, which activates the setting.
# The quoted 'EOF' delimiter keeps the shell from expanding anything in the
# ed commands.
# NOTE(review): in the second script the +2 and +3 offsets after the
# "allow any user to run sudo if they know the password" marker presumably
# enable the targetpw Defaults line and the ALL ALL=(ALL) ALL rule of the stock
# sudoers; confirm against the sudoers template. Those two lines must stay
# paired: the rule without targetpw would let every user run any command with
# their own password.
# NOTE(review): the edits are positional. If the marker wording or line order in
# the shipped sudoers changes, a search can fail or a different line can be
# uncommented. Nothing visible here checks the result, so the build should
# verify the resulting file (for example with visudo -c -f).
43 # Uncomment some Defaults in sudoers
44 # Note that the order must match that of sudoers.
45 case "$pp_rpm_distro" in
47 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
48 /Locale settings/+1,s/^# //
49 /Desktop path settings/+1,s/^# //
55 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
56 /Locale settings/+1,s/^# //
57 /ConsoleKit session/+1,s/^# //
58 /allow any user to run sudo if they know the password/+2,s/^# //
59 /allow any user to run sudo if they know the password/+3,s/^# //
66 # For RedHat the doc dir is expected to include version and release
# The staged doc directory is renamed and docdir is updated to match, so later
# references to docdir point at the renamed directory.
# NOTE(review): the release part is the literal "-1" rather than a value taken
# from pp_rpm_release, which is modified earlier in this file; confirm that the
# fixed suffix is intended.
67 case "$pp_rpm_distro" in
69 mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-1
70 docdir=${docdir}-${version}-1
# Writes the PAM service file for sudo (and sudo-i in one branch) into the
# staged /etc/pam.d, choosing the stack by distro and by the numeric osrelease.
# The variants selected by "-lt 50" and "-lt 10" reference pam_stack.so and
# pam_unix2.so directly; the other variants include the system-auth or common-*
# stacks instead.
# NOTE(review): $osrelease is unquoted in both numeric tests. If it is empty or
# not a number, test reports an error and returns non-zero, so the branch
# following the (not visible) else would presumably be chosen; confirm that
# this fallback is the intended one, since it decides how sudo authenticates.
# NOTE(review): the EOF delimiters are unquoted, so the shell would expand any
# $ or backquote in the PAM text; none appear in the lines shown.
74 # Choose the correct PAM file by distro, must be tab indented for "<<-"
75 case "$pp_rpm_distro" in
77 mkdir -p ${pp_destdir}/etc/pam.d
78 if test $osrelease -lt 50; then
79 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
81 auth required pam_stack.so service=system-auth
82 account required pam_stack.so service=system-auth
83 password required pam_stack.so service=system-auth
84 session required pam_limits.so
87 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
89 auth include system-auth
90 account include system-auth
91 password include system-auth
92 session optional pam_keyinit.so revoke
93 session required pam_limits.so
95 cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
100 session optional pam_keyinit.so force revoke
101 session required pam_limits.so
106 mkdir -p ${pp_destdir}/etc/pam.d
107 if test $osrelease -lt 10; then
108 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
110 auth required pam_unix2.so
111 session required pam_limits.so
114 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
116 auth include common-auth
117 account include common-account
118 password include common-password
119 session include common-session
120 # session optional pam_xauth.so
# Debian variant: the ed script activates lines in the staged sudoers by
# stripping a leading "# " at a fixed offset after each marker comment, then a
# PAM service file for sudo is written into the staged /etc/pam.d.
# NOTE(review): only the Locale and X11 commands are visible in this excerpt;
# the command that enables the %sudo rule is not shown. Because that rule grants
# privileges to a whole group, the resulting sudoers is worth checking after the
# edit rather than trusting the positional match.
127 # Uncomment some Defaults and the %sudo rule in sudoers
128 # Note that the order must match that of sudoers and be tab-indented.
129 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
130 /Locale settings/+1,s/^# //
131 /X11 resource/+1,s/^# //
136 mkdir -p ${pp_destdir}/etc/pam.d
137 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
141 @include common-account
143 session required pam_permit.so
144 session required pam_limits.so
# Alternate summary string; the section header that scopes it is not visible in
# this excerpt.
148 summary="Configurable super-user privileges"
# File manifest. Each entry reads: path, mode, owner:group, flags (see the
# sudoers entries for the full form).
# sudo and sudoedit are installed setuid root with mode 4111, i.e. execute-only
# with no read bit for anyone; sudoreplay is 0111 without the setuid bit.
# sudoers.d is 0750 and owned by the configured sudoers uid and gid.
# NOTE(review): the sudoers files and /etc/pam.d/* carry the volatile flag,
# which presumably marks them as expected to change after installation; confirm
# against the packaging tool documentation. If so, package verification will
# not flag edits to them, so integrity monitoring of these files has to come
# from elsewhere.
151 $bindir/sudo 4111 root:
152 $bindir/sudoedit 4111 root:
154 $bindir/sudoreplay 0111
156 $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
160 /etc/pam.d/* volatile,optional
162 $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
164 $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
171 # Some versions use catpages, some use manpages.
172 $mandir/cat*/* optional
173 $mandir/man*/* optional
# Post-install steps. The %{...} tokens are presumably substituted by the
# packaging tool when the package is built; confirm against its documentation.
176 # Don't overwrite an existing sudoers file
177 sudoersdir=%{sudoersdir}
# -r tests readability rather than existence; run as root the two should
# coincide for a regular file. cp -p carries the mode and ownership of
# sudoers.dist over to the new sudoers.
# NOTE(review): $sudoersdir is unquoted in the test and in cp.
178 if test ! -r $sudoersdir/sudoers; then
179 cp -p $sudoersdir/sudoers.dist $sudoersdir/sudoers
183 # dpkg-deb does not maintain the mode on the sudoers file, and
184 # installs it 0640 when sudo requires 0440
185 chmod %{sudoers_mode} %{sudoersdir}/sudoers
187 # create symlink to ease transition to new path for ldap config
188 # if old config file exists and new one doesn't
# NOTE(review): after this link is made, sudo reads its LDAP settings from the
# system-wide /etc/ldap/ldap.conf. Check that the ownership and mode of that
# file are acceptable for sudo, in particular if bind credentials are kept in
# it, since the file is shared with other LDAP clients.
# NOTE(review): -a inside test is marked obsolescent by POSIX; separate test
# commands joined with && are the portable form.
189 if test X"%{flavor}" = X"ldap" -a \
190 -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
191 ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
194 # Debian uses a sudo group in its default sudoers file
# Nothing to do when a group named sudo already exists.
196 exit 0 if getgrnam("sudo");
197 $gid = 27; # default debian sudo gid
# Advance to the first gid, starting at 27, that no existing group uses.
199 while (getgrgid($gid)) { $gid++; }
# The messages below report that gid 27 belongs to another group and ask whether
# to stop; the condition guarding them and the read of $ans are not visible in
# this excerpt.
201 print "On Debian we normally use gid 27 for \"sudo\".\n";
202 $gname = getgrgid(27);
203 print "However, on your system gid 27 is group \"$gname\".\n\n";
204 print "Would you like me to stop configuring sudo so that you can change this? [n] ";
206 if ($ans =~ /^[yY]/) {
207 print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
211 print "Creating group \"sudo\" with gid = $gid\n";
# $gid is an integer produced by the loop above, not external input, so the
# interpolation is not an injection path as written.
# NOTE(review): the return status of system() is not checked in the lines shown,
# so a failed groupadd would go unnoticed while the sudoers file still refers to
# the sudo group. groupadd is also located through the PATH of the installing
# process. The list form system("groupadd", "-g", $gid, "sudo") avoids the shell
# altogether.
212 system("groupadd -g $gid sudo");
217 # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
218 # it matches what we created in the postinstall script.
# The link is removed only for the ldap flavor and only when readlink reports
# exactly /etc/ldap/ldap.conf, so a regular file or a link with another target
# at /etc/sudo-ldap.conf is left in place. readlink errors are discarded, which
# makes the comparison fail and skips the removal.
219 if test X"%{flavor}" = X"ldap" -a \
220 X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
221 rm -f /etc/sudo-ldap.conf