there must be at least one file in /etc/sudoers.d with permissions 0440,

[debian/sudo] / debian / sudo-ldap.postinst

diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst
index 36cdd235c89e4de80576edfa280def1318d16944..75c41f9262dc27cfbba4ed7cef5d8966faad4cdb 100644 (file)
--- a/debian/sudo-ldap.postinst
+++ b/debian/sudo-ldap.postinst
@@ -16,12 +16,16 @@ if ( ! -f "/etc/sudoers") {
          "#\n",
          "# See the man page for details on how to write a sudoers file.\n",
          "#\n\nDefaults\tenv_reset\n\n",
-         "# Uncomment to allow members of group sudo to not need a password\n",
-         "# %sudo ALL=NOPASSWD: ALL\n\n",
          "# Host alias specification\n\n",
          "# User alias specification\n\n",
          "# Cmnd alias specification\n\n",
-         "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+         "# User privilege specification\nroot\tALL=(ALL) ALL\n\n",
+         "# Allow members of group sudo to not need a password\n",
+         "# (Note that later entries override this, so you might need to move\n",
+          "# it further down)\n",
+         "%sudo ALL=(ALL) ALL\n",
+         "#\n",
+         "#includedir /etc/sudoers.d\n";
        close SUDOERS;
 
 }
@@ -33,7 +37,13 @@ system ('chmod 440 /etc/sudoers');
 # must do a remove first to un-do the "bad" links created by previous version
 system ('update-rc.d -f sudo remove >/dev/null 2>&1');
 
-system ('update-rc.d sudo start 75 S . >/dev/null');
+system ('update-rc.d sudo start 75 2 3 4 5 . >/dev/null');
+
+# create symlink to ease transition to new path for ldap config
+# if old config file exists and new one doesn't
+if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") {
+  system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf");
+}
 
 # make sure we have a sudo group