2 if test -n "$flavor"; then
4 pp_kit_package="sudo_$flavor"
9 summary="Provide limited super-user privileges to specific users"
10 description="Sudo is a program designed to allow a sysadmin to give \
11 limited root privileges to users and log root activity. \
12 The basic philosophy is to give as few privileges as possible but \
13 still allow people to get their work done."
14 vendor="Todd C. Miller"
15 copyright="(c) 1993-1996,1998-2011 Todd C. Miller"
18 # AIX package summary is limited to 40 characters
19 summary="Configurable super-user privileges"
21 # Convert to 4 part version for AIX, including patch level
22 pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
26 # Strip off patchlevel for kit which only supports xyz versions
27 pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
32 pp_sd_vendor_tag="TCM"
36 pp_solaris_name="TCM${name}"
37 pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
41 # Convert patch level into release and remove from version
42 pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
43 pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
45 pp_rpm_url="http://www.sudo.ws/"
46 pp_rpm_group="Applications/System"
47 pp_rpm_packager="Todd.Miller@courtesan.com"
48 if test -n "$linux_audit"; then
49 pp_rpm_requires="audit-libs >= $linux_audit"
52 pp_deb_maintainer="$pp_rpm_packager"
53 pp_deb_release="$pp_rpm_release"
54 pp_deb_version="$pp_rpm_version"
56 # For all but RPM and Debian we need to install sudoers with a different
57 # name and make a copy of it if there is no existing file.
58 mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
62 # Add distro info to release
63 osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
64 case "$pp_rpm_distro" in
66 pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
69 pp_rpm_release="$pp_rpm_release.sles$osrelease"
73 # Uncomment some Defaults in sudoers
74 # Note that the order must match that of sudoers.
75 case "$pp_rpm_distro" in
77 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
78 /Locale settings/+1,s/^# //
79 /Desktop path settings/+1,s/^# //
85 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
86 /Locale settings/+1,s/^# //
87 /ConsoleKit session/+1,s/^# //
88 /allow any user to run sudo if they know the password/+2,s/^# //
89 /allow any user to run sudo if they know the password/+3,s/^# //
96 # For RedHat the doc dir is expected to include version and release
97 case "$pp_rpm_distro" in
99 mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
100 docdir=${docdir}-${version}-${pp_rpm_release}
104 # Choose the correct PAM file by distro, must be tab indented for "<<-"
105 case "$pp_rpm_distro" in
107 mkdir -p ${pp_destdir}/etc/pam.d
108 if test $osrelease -lt 50; then
109 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
111 auth required pam_stack.so service=system-auth
112 account required pam_stack.so service=system-auth
113 password required pam_stack.so service=system-auth
114 session required pam_limits.so
117 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
119 auth include system-auth
120 account include system-auth
121 password include system-auth
122 session optional pam_keyinit.so revoke
123 session required pam_limits.so
125 cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
129 password include sudo
130 session optional pam_keyinit.so force revoke
131 session required pam_limits.so
136 mkdir -p ${pp_destdir}/etc/pam.d
137 if test $osrelease -lt 10; then
138 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
140 auth required pam_unix2.so
141 session required pam_limits.so
144 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
146 auth include common-auth
147 account include common-account
148 password include common-password
149 session include common-session
150 # session optional pam_xauth.so
158 # Uncomment some Defaults and the %sudo rule in sudoers
159 # Note that the order must match that of sudoers and be tab-indented.
160 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
161 /Locale settings/+1,s/^# //
162 /X11 resource/+1,s/^# //
167 mkdir -p ${pp_destdir}/etc/pam.d
168 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
172 @include common-account
174 session required pam_permit.so
175 session required pam_limits.so
179 # OS-level directories that should generally exist but might not.
180 extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
181 extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
182 test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
183 for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
184 while test "$dir" != "/"; do
185 osdirs="${osdirs}${osdirs+ }$dir/"
189 osdirs=`echo $osdirs | tr " " "\n" | sort -u`
193 $bindir/sudo 4111 root:
194 $bindir/sudoedit 4111 root:
196 $bindir/sudoreplay 0111
197 $includedir/sudo_plugin.h
198 $libexecdir/* optional
199 $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
204 $localedir/** optional
205 /etc/pam.d/* volatile,optional
207 $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
209 $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
216 # Some versions use catpages, some use manpages.
217 $mandir/cat*/* optional
218 $mandir/man*/* optional
221 # Don't overwrite an existing sudoers file
222 sudoersdir=%{sudoersdir}
223 if test ! -r $sudoersdir/sudoers; then
224 cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
225 chmod %{sudoers_mode} $sudoersdir/sudoers
226 chown %{sudoers_uid} $sudoersdir/sudoers
227 chgrp %{sudoers_gid} $sudoersdir/sudoers
231 # dpkg-deb does not maintain the mode on the sudoers file, and
232 # installs it 0640 when sudo requires 0440
233 chmod %{sudoers_mode} %{sudoersdir}/sudoers
235 # create symlink to ease transition to new path for ldap config
236 # if old config file exists and new one doesn't
237 if test X"%{flavor}" = X"ldap" -a \
238 -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
239 ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
242 # Debian uses a sudo group in its default sudoers file
244 exit 0 if getgrnam("sudo");
245 $gid = 27; # default debian sudo gid
247 while (getgrgid($gid)) { $gid++; }
249 print "On Debian we normally use gid 27 for \"sudo\".\n";
250 $gname = getgrgid(27);
251 print "However, on your system gid 27 is group \"$gname\".\n\n";
252 print "Would you like me to stop configuring sudo so that you can change this? [n] ";
254 if ($ans =~ /^[yY]/) {
255 print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
259 print "Creating group \"sudo\" with gid = $gid\n";
260 system("groupadd -g $gid sudo");
265 # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
266 # it matches what we created in the postinstall script.
267 if test X"%{flavor}" = X"ldap" -a \
268 X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
269 rm -f /etc/sudo-ldap.conf