"# User alias specification\n\n",
"# Cmnd alias specification\n\n",
"# User privilege specification\nroot\tALL=(ALL) ALL\n\n",
- "# Uncomment to allow members of group sudo to not need a password\n",
+ "# Allow members of group sudo to execute any command\n",
"# (Note that later entries override this, so you might need to move\n",
"# it further down)\n",
- "# %sudo ALL=(ALL) NOPASSWD: ALL\n";
+ "%sudo ALL=(ALL) ALL\n",
+ "#\n",
+ "#includedir /etc/sudoers.d\n";
close SUDOERS;
}
+# handle state directory transition from /var/run/sudo to /var/lib/sudo,
+# moving any existing content over to avoid re-lecturing existing users
+if ( -d "/var/run/sudo") {
+ system ('mkdir -p /var/lib/sudo');
+ system ('(cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -)');
+ system ('rm -rf /var/run/sudo');
+}
+
# make sure sudoers has the correct permissions and owner/group
system ('chown root:root /etc/sudoers');
system ('chmod 440 /etc/sudoers');
-# do a remove first to un-do "bad" links created by previous versions
+# must do a remove first to un-do the "bad" links created by previous version
system ('update-rc.d -f sudo remove >/dev/null 2>&1');
-system ('update-rc.d sudo start 75 S . >/dev/null');
+system ('update-rc.d sudo start 75 2 3 4 5 . >/dev/null');
+
+# create symlink to ease transition to new path for ldap config
+# if old config file exists and new one doesn't
+if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") {
+ system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf");
+}
# make sure we have a sudo group
print "Creating group 'sudo' with gid = $gid\n";
system("groupadd -g $gid sudo");
-# create symlink to ease transition to new path for ldap config
-# if old config file exists and new one doesn't
-if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") {
- system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf");
-}
-
print "";