there must be at least one file in /etc/sudoers.d with permissions 0440,

which we will finesse by delivering a README file in valid syntax there...

diff --git a/debian/README b/debian/README
new file mode 100644 (file)
index 0000000..235fd7a
--- /dev/null
+++ b/debian/README
@@ -0,0 +1,18 @@
+#
+# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
+# installation of the package now includes the directive:
+# 
+#      #includedir /etc/sudoers.d
+# 
+# This will cause sudo to read and parse any files in the /etc/sudoers.d 
+# directory that do not end in '~' or contain a '.' character.
+# 
+# Note that there must be at least one file in the sudoers.d directory (this
+# one will do), and all files in this directory must be mode 0440.
+# 
+# Note that because the sudoers file is not a 'conffile' in the Debian sense,
+# and sudoers contents can very widely, no attempt is made to add this directive
+# to existing sudoers files on upgrade.  Feel free to add the above directive
+# to the end of your /etc/sudoers file to enable this functionality for existing
+# installations if you wish!
+#

diff --git a/debian/README.Debian b/debian/README.Debian
index c89e431066ad87263fdbe8e2fd8373d4e4851770..ae4212f661bdbc4ae109ed013a45ac92c3ef2875 100644 (file)
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,19 +1,3 @@
-As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
-installation of the package now includes the directive:
-
-       #includedir /etc/sudoers.d
-
-This will cause sudo to read and parse any files in the /etc/sudoers.d 
-directory that do not end in '~' or contain a '.' character.
-
-Note that because the sudoers file is not a 'conffile' in the Debian sense,
-and sudoers contents can very widely, no attempt is made to add this directive
-to existing sudoers files on upgrade.  Feel free to add the above directive
-to the end of your /etc/sudoers file to enable this functionality for existing
-installations if you wish!
-
-       - - - - -
-
 The version of sudo that ships with Debian by default resets the
 environment, as described by the "env_reset" flag in the sudoers file.
 

diff --git a/debian/rules b/debian/rules
index 8d4ea4002167ab3943d940a185433e0f744363e3..57580d194d380c765aab652c73298d33b9e62dca 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -102,12 +102,14 @@ install: build-stamp
                debian/sudo-ldap/etc/pam.d/sudo
 
        install -o root -g root -m 0644 $(CURDIR)/debian/sudo.lintian \
-               debian/sudo/usr/share/lintian/overrides/sudo
+               $(CURDIR)/debian/sudo/usr/share/lintian/overrides/sudo
        install -o root -g root -m 0644 $(CURDIR)/debian/sudo-ldap.lintian \
-               debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
+               $(CURDIR)/debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
 
-       ln -s /usr/share/doc/sudo/README.Debian debian/sudo/etc/sudoers.d
-       ln -s /usr/share/doc/sudo/README.Debian debian/sudo-ldap/etc/sudoers.d
+       install -o root -g root -m 0440 $(CURDIR)/debian/README \
+               $(CURDIR)/debian/sudo/etc/sudoers.d/README
+       install -o root -g root -m 0440 $(CURDIR)/debian/README \
+               $(CURDIR)/debian/sudo-ldap/etc/sudoers.d/README
 
 binary-indep: build install