X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=debian%2Fsudo-ldap.postinst;h=aee102cba44713b6e2a773739e3382da0781ef70;hb=2c19e019cbc7f545a55a02a3476a1abb5fc4fe86;hp=627116032f7a4d32ec31b0276662f753506a1991;hpb=069e16e86d8a38a36795e5c6805cbad0d7d350ec;p=debian%2Fsudo

diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst
index 6271160..aee102c 100644
--- a/debian/sudo-ldap.postinst
+++ b/debian/sudo-ldap.postinst
@@ -20,22 +20,38 @@ if ( ! -f "/etc/sudoers") {
 	  "# User alias specification\n\n",
 	  "# Cmnd alias specification\n\n",
 	  "# User privilege specification\nroot\tALL=(ALL) ALL\n\n",
-	  "# Uncomment to allow members of group sudo to not need a password\n",
+	  "# Allow members of group sudo to execute any command\n",
 	  "# (Note that later entries override this, so you might need to move\n",
           "# it further down)\n",
-	  "# %sudo ALL=(ALL) NOPASSWD: ALL\n";
+	  "%sudo ALL=(ALL) ALL\n",
+	  "#\n",
+	  "#includedir /etc/sudoers.d\n";
 	close SUDOERS;
 
 }
 
+# handle state directory transition from /var/run/sudo to /var/lib/sudo,
+# moving any existing content over to avoid re-lecturing existing users
+if ( -d "/var/run/sudo") {
+    system ('mkdir -p /var/lib/sudo');
+    system ('(cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -)');
+    system ('rm -rf /var/run/sudo');
+}
+
 # make sure sudoers has the correct permissions and owner/group
 system ('chown root:root /etc/sudoers');
 system ('chmod 440 /etc/sudoers');
 
-# do a remove first to un-do "bad" links created by previous versions
+# must do a remove first to un-do the "bad" links created by previous version
 system ('update-rc.d -f sudo remove >/dev/null 2>&1');
 
-system ('update-rc.d sudo start 75 S . >/dev/null');
+system ('update-rc.d sudo start 75 2 3 4 5 . >/dev/null');
+
+# create symlink to ease transition to new path for ldap config
+# if old config file exists and new one doesn't
+if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") {
+  system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf");
+}
 
 # make sure we have a sudo group
 
@@ -63,10 +79,4 @@ if ($gid != 27) {
 print "Creating group 'sudo' with gid = $gid\n";
 system("groupadd -g $gid sudo");
 
-# create symlink to ease transition to new path for ldap config
-# if old config file exists and new one doesn't
-if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") {
-  system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf");
-}
-
 print "";