Imported Upstream version 1.7.4
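%set
        # Generic package metadata, evaluated for every target platform.
        # A non-empty $flavor is appended to both the package name and the
        # kit package name.
        if test -n "$flavor"; then
                name="sudo-$flavor"
                pp_kit_package="sudo_$flavor"
        else
                name="sudo"
                pp_kit_package="sudo"
        fi
        # NOTE(review): "priveleges" is misspelled in the summary string below;
        # it is left as shipped here because it is package metadata.
        summary="Provide limited super-user priveleges to specific users"
        description="Sudo is a program designed to allow a sysadmin to give \
limited root privileges to users and log root activity.  \
The basic philosophy is to give as few privileges as possible but \
still allow people to get their work done."
        vendor="Todd C. Miller"
        copyright="(c) 1993-1996,1998-2010 Todd C. Miller"
        pp_rpm_release="1"
        pp_rpm_license="BSD"
        pp_rpm_url="http://www.sudo.ws/"
        pp_rpm_group="Applications/System"
        pp_rpm_packager="Todd.Miller@courtesan.com"
        pp_deb_maintainer="Todd.Miller@courtesan.com"
        pp_sd_vendor_tag="TCM"
        pp_kit_name="TCM"
        pp_solaris_name="TCM${name}"
%if [!rpm,deb]
        # For all but RPM and Debian we need to install sudoers with a different
        # name and make a copy of it if there is no existing file, so that an
        # administrator's existing sudoers policy is never replaced by the
        # package.  Paths are quoted so a staging directory containing spaces
        # or glob characters cannot split or expand the arguments.
        mv "${pp_destdir}${sudoersdir}/sudoers" "${pp_destdir}${sudoersdir}/sudoers.dist"
%endif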
30
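%set [rpm]
	# RPM-specific staging: release tag, sudoers defaults, doc dir and PAM.
	# Indentation in this section uses literal tabs: the "<<-" here-documents
	# strip leading tabs only, so space indentation would keep the EOF
	# terminators from matching.

	# Add distro info to release.  The sed call drops everything before the
	# first digit of $pp_rpm_distro and everything from the first "-" on.
	osrelease=$(echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//')
	case "$pp_rpm_distro" in
	centos*|rhel*)
		# %%[0-9] removes one trailing digit from $osrelease.
		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
		;;
	sles*)
		pp_rpm_release="$pp_rpm_release.sles$osrelease"
		;;
	esac

	# Uncomment some Defaults in sudoers
	# Note that the order must match that of sudoers.
	# Each "/marker/+N,s/^# //" command removes the leading "# " from the
	# N-th line after the marker comment.
	# NOTE(review): the exit status of ed is not checked; if a marker is
	# missing from sudoers the edit may be skipped without failing the
	# build -- confirm how the ed in use behaves on a failed search.
	case "$pp_rpm_distro" in
	centos*|rhel*)
		/bin/ed - "${pp_destdir}${sudoersdir}/sudoers" <<-'EOF'
		/Locale settings/+1,s/^# //
		/Desktop path settings/+1,s/^# //
		w
		q
		EOF
		;;
	sles*)
		# NOTE(review): the last two commands enable the 2nd and 3rd lines
		# after the "allow any user to run sudo if they know the password"
		# marker.  Going by the marker text this opens sudo to every
		# account that knows the relevant password; confirm against the
		# shipped sudoers that this is the intended SLES default.
		/bin/ed - "${pp_destdir}${sudoersdir}/sudoers" <<-'EOF'
		/Locale settings/+1,s/^# //
		/ConsoleKit session/+1,s/^# //
		/allow any user to run sudo if they know the password/+2,s/^# //
		/allow any user to run sudo if they know the password/+3,s/^# //
		w
		q
		EOF
		;;
	esac

	# For RedHat the doc dir is expected to include version and release
	case "$pp_rpm_distro" in
	centos*|rhel*)
		mv "${pp_destdir}/${docdir}" "${pp_destdir}/${docdir}-${version}-1"
		docdir=${docdir}-${version}-1
		;;
	esac

	# Choose the correct PAM file by distro, must be tab indented for "<<-"
	# The here-document delimiters are quoted so the PAM text is written
	# literally, with no shell expansion.
	case "$pp_rpm_distro" in
	centos*|rhel*)
		mkdir -p "${pp_destdir}/etc/pam.d"
		# $osrelease is quoted so an empty value cannot change how test
		# parses its arguments; a non-numeric value still makes test
		# fail and selects the else branch, as before.
		if test "$osrelease" -lt 50; then
			# Older releases: every stage is delegated to the
			# system-auth service through pam_stack.so.
			cat > "${pp_destdir}/etc/pam.d/sudo" <<-'EOF'
			#%PAM-1.0
			auth       required     pam_stack.so service=system-auth
			account    required     pam_stack.so service=system-auth
			password   required     pam_stack.so service=system-auth
			session    required     pam_limits.so
			EOF
		else
			# Newer releases: include system-auth directly and add
			# pam_keyinit to the session stack.
			cat > "${pp_destdir}/etc/pam.d/sudo" <<-'EOF'
			#%PAM-1.0
			auth       include      system-auth
			account    include      system-auth
			password   include      system-auth
			session    optional     pam_keyinit.so revoke
			session    required     pam_limits.so
			EOF
			# Separate "sudo-i" service: reuses the sudo stacks for
			# auth/account/password, with "force revoke" on pam_keyinit.
			cat > "${pp_destdir}/etc/pam.d/sudo-i" <<-'EOF'
			#%PAM-1.0
			auth       include      sudo
			account    include      sudo
			password   include      sudo
			session    optional     pam_keyinit.so force revoke
			session    required     pam_limits.so
			EOF
		fi
		;;
	sles*)
		mkdir -p "${pp_destdir}/etc/pam.d"
		if test "$osrelease" -lt 10; then
			# Older SLES: only auth and session stages are defined.
			cat > "${pp_destdir}/etc/pam.d/sudo" <<-'EOF'
			#%PAM-1.0
			auth     required       pam_unix2.so
			session  required       pam_limits.so
			EOF
		else
			# Newer SLES: all four stages come from the common-* files.
			cat > "${pp_destdir}/etc/pam.d/sudo" <<-'EOF'
			#%PAM-1.0
			auth     include        common-auth
			account  include        common-account
			password include        common-password
			session  include        common-session
			# session  optional     pam_xauth.so
			EOF
		fi
		;;
	esac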
125
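%set [deb]
	# Uncomment some Defaults and the %sudo rule in sudoers
	# Note that the order must match that of sudoers and be tab-indented.
	# (The "<<-" here-documents strip leading tabs only, so this section is
	# indented with literal tabs.)
	# NOTE(review): the third ed command enables the sudoers rule for the
	# "sudo" group, so membership of that group becomes the grant of
	# privilege on Debian.  The exit status of ed is not checked; confirm
	# that a missing marker cannot leave sudoers silently unmodified.
	/bin/ed - "${pp_destdir}${sudoersdir}/sudoers" <<-'EOF'
	/Locale settings/+1,s/^# //
	/X11 resource/+1,s/^# //
	/^# \%sudo/,s/^# //
	w
	q
	EOF
	# PAM service file for sudo: auth and account come from the common-*
	# includes; the session stack is pam_permit plus pam_limits.  The
	# delimiter is quoted so the text is written without shell expansion.
	mkdir -p "${pp_destdir}/etc/pam.d"
	cat > "${pp_destdir}/etc/pam.d/sudo" <<-'EOF'
	#%PAM-1.0

	@include common-auth
	@include common-account

	session required pam_permit.so
	session required pam_limits.so
	EOF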
146
%set [aix]
        # AIX replaces the longer summary assigned in the generic section.
        summary='Configurable super-user privileges'
149
150 %files
151         $bindir/sudo        4111 root:
152         $bindir/sudoedit    4111 root:
153         $sbindir/visudo     0111
154         $bindir/sudoreplay  0111
155         $libexecdir/*
156         $sudoersdir/sudoers.d/  0750 $sudoers_uid:$sudoers_gid
157         $timedir/               0700 root:
158         $docdir/
159         $docdir/*
160         /etc/pam.d/*            volatile,optional
161 %if [rpm,deb]
162         $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
163 %else
164         $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
165 %endif
166
167 %files [!aix]
168         $mandir/man*/*
169
170 %files [aix]
171         # Some versions use catpages, some use manpages.
172         $mandir/cat*/* optional
173         $mandir/man*/* optional
174
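%post [!rpm,deb]
        # Don't overwrite an existing sudoers file: the packaged copy is only
        # put in place when no readable sudoers is present.  cp -p carries
        # the mode and ownership of sudoers.dist over to the new file.
        # Expansions are quoted so an unusual sudoers directory cannot split
        # or glob-expand the arguments.
        sudoersdir="%{sudoersdir}"
        if test ! -r "$sudoersdir/sudoers"; then
                cp -p "$sudoersdir/sudoers.dist" "$sudoersdir/sudoers"
        fi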
181
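%post [deb]
        # dpkg-deb does not maintain the mode on the sudoers file, and
        # installs it 0640 when sudo requires 0440
        chmod %{sudoers_mode} "%{sudoersdir}/sudoers"

        # create symlink to ease transition to new path for ldap config
        # if old config file exists and new one doesn't
        # The conditions are chained with && rather than the obsolescent,
        # ambiguous "-a" operator of test.
        # NOTE(review): once this link exists, /etc/sudo-ldap.conf resolves to
        # /etc/ldap/ldap.conf, whose ownership and mode are set outside this
        # package.  Presumably sudo's LDAP settings are then read from that
        # file -- confirm it is root-owned and not writable by other users.
        if test X"%{flavor}" = X"ldap" &&
            test -r /etc/ldap/ldap.conf &&
            test ! -r /etc/sudo-ldap.conf; then
                ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
        fi

        # Debian uses a sudo group in its default sudoers file
        # (Comments inside the perl program must not contain single quotes,
        # because the whole program is one single-quoted shell word.)
        perl -e '
                # Nothing to do when a group named sudo already exists.
                exit 0 if getgrnam("sudo");
                $gid = 27; # default debian sudo gid
                setgrent();
                # Walk upward from 27 to the first gid that has no group entry.
                while (getgrgid($gid)) { $gid++; }
                if ($gid != 27) {
                        print "On Debian we normally use gid 27 for \"sudo\".\n";
                        $gname = getgrgid(27);
                        print "However, on your system gid 27 is group \"$gname\".\n\n";
                        print "Would you like me to stop configuring sudo so that you can change this? [n] ";
                        # An empty or missing answer does not match and counts
                        # as "no", so configuration continues with the
                        # substitute gid.
                        $ans = <STDIN>;
                        if ($ans =~ /^[yY]/) {
                                print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
                                exit 1;
                        }
                }
                print "Creating group \"sudo\" with gid = $gid\n";
                # NOTE(review): the result of groupadd is not checked, so this
                # script exits 0 even if the group could not be created.
                system("groupadd -g $gid sudo");
                exit 0;
        '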
215
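%preun [deb]
        # Remove the /etc/sudo-ldap.conf -> /etc/ldap/ldap.conf symlink if
        # it matches what we created in the postinstall script.  The link
        # target is compared exactly, so a regular file or a link pointing
        # somewhere else is left alone (readlink then prints nothing or a
        # different path).  $(...) replaces the backticks and the two
        # conditions are chained with && instead of the obsolescent "-a".
        if test X"%{flavor}" = X"ldap" &&
            test X"$(readlink /etc/sudo-ldap.conf 2>/dev/null)" = X"/etc/ldap/ldap.conf"; then
                rm -f /etc/sudo-ldap.conf
        fi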