2 if test -n "$flavor"; then
4 pp_kit_package="sudo_$flavor"
9 summary="Provide limited super-user priveleges to specific users"
10 description="Sudo is a program designed to allow a sysadmin to give \
11 limited root privileges to users and log root activity. \
12 The basic philosophy is to give as few privileges as possible but \
13 still allow people to get their work done."
14 vendor="Todd C. Miller"
15 copyright="(c) 1993-1996,1998-2010 Todd C. Miller"
17 # Convert to 4 part version for AIX, including patch level
18 pp_aix_version=`echo $version|sed -e 's/\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/' -e 's/[^0-9]*\([0-9]*\)$/.\1/'`
20 # Strip of patchlevel for kit which only supports x.y.z versions
21 pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/p[0-9]*$//'`"
24 pp_sd_vendor_tag="TCM"
25 pp_solaris_name="TCM${name}"
27 # Convert patch level into release and remove from version
28 pp_rpm_release="`echo $version|sed 's/^[0-9]*\.[0-9]*\.[0-9]*[^0-9]*//'`"
29 pp_rpm_release="`expr $pp_rpm_release + 1`"
30 pp_rpm_version="`echo $version|sed 's/p[0-9]*$//'`"
32 pp_rpm_url="http://www.sudo.ws/"
33 pp_rpm_group="Applications/System"
34 pp_rpm_packager="Todd.Miller@courtesan.com"
36 pp_deb_maintainer="$pp_rpm_packager"
37 pp_deb_release="$pp_rpm_release"
38 pp_deb_version="$pp_rpm_version"
40 # For all but RPM and Debian we need to install sudoers with a different
41 # name and make a copy of it if there is no existing file.
42 mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
46 # Add distro info to release
47 osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
48 case "$pp_rpm_distro" in
50 pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
53 pp_rpm_release="$pp_rpm_release.sles$osrelease"
57 # Uncomment some Defaults in sudoers
58 # Note that the order must match that of sudoers.
59 case "$pp_rpm_distro" in
61 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
62 /Locale settings/+1,s/^# //
63 /Desktop path settings/+1,s/^# //
69 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
70 /Locale settings/+1,s/^# //
71 /ConsoleKit session/+1,s/^# //
72 /allow any user to run sudo if they know the password/+2,s/^# //
73 /allow any user to run sudo if they know the password/+3,s/^# //
80 # For RedHat the doc dir is expected to include version and release
81 case "$pp_rpm_distro" in
83 mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
84 docdir=${docdir}-${version}-${pp_rpm_release}
88 # Choose the correct PAM file by distro, must be tab indented for "<<-"
89 case "$pp_rpm_distro" in
91 mkdir -p ${pp_destdir}/etc/pam.d
92 if test $osrelease -lt 50; then
93 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
95 auth required pam_stack.so service=system-auth
96 account required pam_stack.so service=system-auth
97 password required pam_stack.so service=system-auth
98 session required pam_limits.so
101 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
103 auth include system-auth
104 account include system-auth
105 password include system-auth
106 session optional pam_keyinit.so revoke
107 session required pam_limits.so
109 cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
113 password include sudo
114 session optional pam_keyinit.so force revoke
115 session required pam_limits.so
120 mkdir -p ${pp_destdir}/etc/pam.d
121 if test $osrelease -lt 10; then
122 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
124 auth required pam_unix2.so
125 session required pam_limits.so
128 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
130 auth include common-auth
131 account include common-account
132 password include common-password
133 session include common-session
134 # session optional pam_xauth.so
141 # Uncomment some Defaults and the %sudo rule in sudoers
142 # Note that the order must match that of sudoers and be tab-indented.
143 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
144 /Locale settings/+1,s/^# //
145 /X11 resource/+1,s/^# //
150 mkdir -p ${pp_destdir}/etc/pam.d
151 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
155 @include common-account
157 session required pam_permit.so
158 session required pam_limits.so
162 summary="Configurable super-user privileges"
165 $bindir/sudo 4111 root:
166 $bindir/sudoedit 4111 root:
168 $bindir/sudoreplay 0111
170 $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
174 /etc/pam.d/* volatile,optional
176 $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
178 $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
185 # Some versions use catpages, some use manpages.
186 $mandir/cat*/* optional
187 $mandir/man*/* optional
190 # Don't overwrite an existing sudoers file
191 sudoersdir=%{sudoersdir}
192 if test ! -r $sudoersdir/sudoers; then
193 cp -p $sudoersdir/sudoers.dist $sudoersdir/sudoers
197 # dpkg-deb does not maintain the mode on the sudoers file, and
198 # installs it 0640 when sudo requires 0440
199 chmod %{sudoers_mode} %{sudoersdir}/sudoers
201 # create symlink to ease transition to new path for ldap config
202 # if old config file exists and new one doesn't
203 if test X"%{flavor}" = X"ldap" -a \
204 -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
205 ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
208 # Debian uses a sudo group in its default sudoers file
210 exit 0 if getgrnam("sudo");
211 $gid = 27; # default debian sudo gid
213 while (getgrgid($gid)) { $gid++; }
215 print "On Debian we normally use gid 27 for \"sudo\".\n";
216 $gname = getgrgid(27);
217 print "However, on your system gid 27 is group \"$gname\".\n\n";
218 print "Would you like me to stop configuring sudo so that you can change this? [n] ";
220 if ($ans =~ /^[yY]/) {
221 print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
225 print "Creating group \"sudo\" with gid = $gid\n";
226 system("groupadd -g $gid sudo");
231 # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
232 # it matches what we created in the postinstall script.
233 if test X"%{flavor}" = X"ldap" -a \
234 X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
235 rm -f /etc/sudo-ldap.conf