The basic philosophy is to give as few privileges as possible but \
still allow people to get their work done."
vendor="Todd C. Miller"
- copyright="(c) 1993-1996,1998-2011 Todd C. Miller"
+ copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
%if [aix]
# AIX package summary is limited to 40 characters
# Note that the order must match that of sudoers.
case "$pp_rpm_distro" in
centos*|rhel*)
+ chmod u+w ${pp_destdir}${sudoersdir}/sudoers
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
/Locale settings/+1,s/^# //
/Desktop path settings/+1,s/^# //
w
q
EOF
+ chmod u-w ${pp_destdir}${sudoersdir}/sudoers
;;
sles*)
+ chmod u+w ${pp_destdir}${sudoersdir}/sudoers
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
/Locale settings/+1,s/^# //
/ConsoleKit session/+1,s/^# //
w
q
EOF
+ chmod u-w ${pp_destdir}${sudoersdir}/sudoers
;;
esac
%if [deb]
# Uncomment some Defaults and the %sudo rule in sudoers
# Note that the order must match that of sudoers and be tab-indented.
+ chmod u+w ${pp_destdir}${sudoersdir}/sudoers
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
/Locale settings/+1,s/^# //
/X11 resource/+1,s/^# //
w
q
EOF
+ chmod u-w ${pp_destdir}${sudoersdir}/sudoers
mkdir -p ${pp_destdir}/etc/pam.d
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
#%PAM-1.0
EOF
%endif
+%if [macos]
+ pp_macos_pkg_type=flat
+ pp_macos_bundle_id=ws.sudo.pkg.sudo
+ pp_macos_pkg_license=doc/LICENSE
+ pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
+ perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
+%endif
+
+ # OS-level directories that should generally exist but might not.
+ extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
+ extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
+ test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
+ for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
+ while test "$dir" != "/"; do
+ osdirs="${osdirs}${osdirs+ }$dir/"
+ dir=`dirname $dir`
+ done
+ done
+ osdirs=`echo $osdirs | tr " " "\n" | sort -u`
+
%files
- $bindir/sudo 4111 root:
- $bindir/sudoedit 4111 root:
- $sbindir/visudo 0111
- $bindir/sudoreplay 0111
- $includedir/sudo_plugin.h
- $libexecdir/*
+ $osdirs -
+ $bindir/sudo 4111 root:
+ $bindir/sudoedit 4111 root:
+ $sbindir/visudo 0111
+ $bindir/sudoreplay 0111
+ $includedir/sudo_plugin.h 0444
+ $libexecdir/* 0755 optional
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
$timedir/ 0700 root:
- $docdir/
- $docdir/*
- $localedir/ optional
- $localedir/** optional
- /etc/pam.d/* volatile,optional
+ $docdir/ 0755
+ $docdir/sudoers2ldif 0555 optional,ignore-others
+ $docdir/* 0444
+ $localedir/ - optional
+ $localedir/** 0444 optional
+ /etc/pam.d/* 0444 volatile,optional
%if [rpm,deb]
$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
%else
%post [!rpm,deb]
# Don't overwrite an existing sudoers file
+%if [solaris]
+ sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir}
+%else
sudoersdir=%{sudoersdir}
+%endif
if test ! -r $sudoersdir/sudoers; then
cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
chmod %{sudoers_mode} $sudoersdir/sudoers