X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=debian%2Fsudo-ldap.postinst;h=0aa57a94eec7ab18b73389784650d4856ccda3ae;hb=84973cfc00647d6536cae765e5ab6d044c8344cd;hp=d7184d5171bd63e1335eb8ad1e218a36a3563179;hpb=7a920628039c6a87504ed39b15371e3b6e649d6e;p=debian%2Fsudo diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst index d7184d5..0aa57a9 100644 --- a/debian/sudo-ldap.postinst +++ b/debian/sudo-ldap.postinst 
@@ -1,72 +1,81 @@ -#!/usr/bin/perl +#!/bin/sh -# remove old link - -unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); - -# make sure we have a sudoers file -if ( ! -f "/etc/sudoers") { +set -e - print "No /etc/sudoers found... creating one for you.\n"; - - open (SUDOERS, "> /etc/sudoers"); - print SUDOERS "# /etc/sudoers\n", - "#\n", - "# This file MUST be edited with the 'visudo' command as root.\n", - "#\n", - "# See the man page for details on how to write a sudoers file.\n", - "#\n\nDefaults\tenv_reset\n\n", - "# Host alias specification\n\n", - "# User alias specification\n\n", - "# Cmnd alias specification\n\n", - "# User privilege specification\nroot\tALL=(ALL) ALL\n\n", - "# Uncomment to allow members of group sudo to not need a password\n", - "# (Note that later entries override this, so you might need to move\n", - "# it further down)\n", - "# %sudo ALL=(ALL) NOPASSWD: ALL\n"; - close SUDOERS; +# remove old link -} +if [ -L /etc/alternatives/sudo ]; then + rm /etc/alternatives/sudo +fi + +# complain if no sudoers file is present +if [ ! -f /etc/sudoers ];then + echo "WARNING: /etc/sudoers not present!"; +fi + +# modify nsswitch.conf if needed +if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ] +then + echo "sudoers: files ldap" >> /etc/nsswitch.conf +fi + +# handle state directory transition from /var/run/sudo to /var/lib/sudo, +# moving any existing content over to avoid re-lecturing existing users +if [ -d "/var/run/sudo" ];then + mkdir -p /var/lib/sudo + (cd /var/run/sudo ; tar cf - .) 
| (cd /var/lib/sudo ; tar xf -) + rm -rf /var/run/sudo +fi # make sure sudoers has the correct permissions and owner/group -system ('chown root:root /etc/sudoers'); -system ('chmod 440 /etc/sudoers'); +chown root:root /etc/sudoers +chmod 440 /etc/sudoers -# do a remove first to un-do "bad" links created by previous versions -system ('update-rc.d -f sudo remove >/dev/null 2>&1'); +update-rc.d -f sudo remove >/dev/null 2>&1 -system ('update-rc.d sudo-ldap start 75 S . >/dev/null'); - -# make sure we have a sudo group - -exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo - -$gid = 27; # start searcg with gid 27 -setgrent; -while (getgrgid($gid)) { - ++$gid; -} -endgrent; - -if ($gid != 27) { - print "On Debian we normally use gid 27 for 'sudo'.\n"; - $gname = getgrgid(27); - print "However, on your system gid 27 is group '$gname'.\n\n"; - print "Would you like me to stop configuring sudo so that you can change this? [n] "; - $ans = ; - if ($ans =~ m/^[yY].*/) { - print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; - exit 1; - } -} - -print "Creating group 'sudo' with gid = $gid\n"; -system("groupadd -g $gid sudo"); +update-rc.d sudo start 75 2 3 4 5 . >/dev/null # create symlink to ease transition to new path for ldap config # if old config file exists and new one doesn't -if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") { - system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf"); -} +if [ -e /etc/ldap/ldap.conf -a ! -e /etc/sudo-ldap.conf ];then + ln -s ldap/ldap.conf /etc/sudo-ldap.conf +fi + +# if we've gotten this far .. 
remove the saved, unchanged old sudoers file +rm -f /etc/sudoers.pre-conffile + +# make sure we have a sudo group -print ""; +[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: + +# start search with gid 27 +gid="27" +while [ -n "`getent group $gid | cut -d: -f3`" ];do + gid=`expr $gid + 1` +done + + +if [ "$gid" -ne "27" ];then + echo "On Debian we normally use gid 27 for 'sudo'." + gname="`getent group 27 | cut -d: -f1`" + echo "However, on your system gid 27 is group '$gname'." + echo "" + echo "Would you like me to stop configuring sudo so that you can change this?"; + while true;do + echo -n "(Enter 'yes' to stop, enter to continue): " + read ans + [ "$ans" = "" ] && break + if [ "$ans" = "yes" -o "$ans" = "YES" ];then + echo "'dpkg --pending --configure' will restart the configuration." + exit 1; + fi + echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" + done +fi + +echo "Creating group 'sudo' with gid = $gid"; +groupadd -g $gid sudo + +echo "" + +#DEBHELPER#
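Review bot: With `set -e` now in effect, the unconditional `chown root:root /etc/sudoers` and `chmod 440 /etc/sudoers` abort the postinst when the file is absent, although the earlier `[ ! -f /etc/sudoers ]` branch only prints a warning and carries on. Either exit with an error at that check or guard the permission fix, e.g. `if [ -f /etc/sudoers ]; then chown root:root /etc/sudoers; chmod 440 /etc/sudoers; fi`, so a missing file produces one clear outcome rather than an abort partway through configuration. The same `set -e` makes `read ans` fatal when stdin is at EOF, as in a non-interactive install, so the gid-27 prompt would be safer through debconf or skipped when no terminal is attached. Separately, the early `exit 0` taken when `getent group sudo` finds the group returns before `#DEBHELPER#`, so any debhelper-generated snippet is skipped on systems that already have the group. Wrapping the group-creation block in `if ! getent group sudo >/dev/null; then` and closing it with `fi` would let the script fall through to the end.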