X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=debian%2Fsudo-ldap.postinst;h=c242be1f9c2076d88c5ba364c575d62605e24e98;hb=25c851c5ff2282c253e980b1e299752688f16f63;hp=75c41f9262dc27cfbba4ed7cef5d8966faad4cdb;hpb=359403c400da513c87c268b78b80ef1438fc2940;p=debian%2Fsudo diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst index 75c41f9..c242be1 100644 --- a/debian/sudo-ldap.postinst +++ b/debian/sudo-ldap.postinst @@ -1,74 +1,72 @@ -#!/usr/bin/perl +#!/bin/sh # remove old link -unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); - -# make sure we have a sudoers file -if ( ! -f "/etc/sudoers") { - - print "No /etc/sudoers found... creating one for you.\n"; - - open (SUDOERS, "> /etc/sudoers"); - print SUDOERS "# /etc/sudoers\n", - "#\n", - "# This file MUST be edited with the 'visudo' command as root.\n", - "#\n", - "# See the man page for details on how to write a sudoers file.\n", - "#\n\nDefaults\tenv_reset\n\n", - "# Host alias specification\n\n", - "# User alias specification\n\n", - "# Cmnd alias specification\n\n", - "# User privilege specification\nroot\tALL=(ALL) ALL\n\n", - "# Allow members of group sudo to not need a password\n", - "# (Note that later entries override this, so you might need to move\n", - "# it further down)\n", - "%sudo ALL=(ALL) ALL\n", - "#\n", - "#includedir /etc/sudoers.d\n"; - close SUDOERS; - -} +if [ -L /etc/alternatives/sudo ]; then + rm /etc/alternatives/sudo +fi + +# complain if no sudoers file is present +if [ ! -f /etc/sudoers ];then + echo "WARNING: /etc/sudoers not present!"; +fi + +# handle state directory transition from /var/run/sudo to /var/lib/sudo, +# moving any existing content over to avoid re-lecturing existing users +if [ -d "/var/run/sudo" ];then + mkdir -p /var/lib/sudo + (cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -) + rm -rf /var/run/sudo +fi # make sure sudoers has the correct permissions and owner/group -system ('chown root:root /etc/sudoers'); -system ('chmod 440 /etc/sudoers'); +chown root:root /etc/sudoers +chmod 440 /etc/sudoers -# must do a remove first to un-do the "bad" links created by previous version -system ('update-rc.d -f sudo remove >/dev/null 2>&1'); +update-rc.d -f sudo remove >/dev/null 2>&1 -system ('update-rc.d sudo start 75 2 3 4 5 . >/dev/null'); +update-rc.d sudo start 75 2 3 4 5 . >/dev/null # create symlink to ease transition to new path for ldap config # if old config file exists and new one doesn't -if (-e "/etc/ldap/ldap.conf" && ! -e "/etc/sudo-ldap.conf") { - system("ln -s ldap/ldap.conf /etc/sudo-ldap.conf"); -} +if [ -e /etc/ldap/ldap.conf && ! -e /etc/sudo-ldap.conf ];then + ln -s ldap/ldap.conf /etc/sudo-ldap.conf +fi + +# if we've gotten this far .. remove the saved, unchanged old sudoers file +rm -f /etc/sudoers.pre-conffile # make sure we have a sudo group -exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo - -$gid = 27; # start searcg with gid 27 -setgrent; -while (getgrgid($gid)) { - ++$gid; -} -endgrent; - -if ($gid != 27) { - print "On Debian we normally use gid 27 for 'sudo'.\n"; - $gname = getgrgid(27); - print "However, on your system gid 27 is group '$gname'.\n\n"; - print "Would you like me to stop configuring sudo so that you can change this? [n] "; - $ans = ; - if ($ans =~ m/^[yY].*/) { - print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; - exit 1; - } -} - -print "Creating group 'sudo' with gid = $gid\n"; -system("groupadd -g $gid sudo"); - -print ""; +[ -n "`/usr/bin/getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: + +# start search with gid 27 +gid="27" +while [ -n "`/usr/bin/getent group $gid | /usr/bin/cut -d: -f3`" ];do + gid=`/usr/bin/expr $gid + 1` +done + + +if [ "$gid" -ne "27" ];then + echo "On Debian we normally use gid 27 for 'sudo'." + gname="`/usr/bin/getent group 27 | /usr/bin/cut -d: -f1`" + echo "However, on your system gid 27 is group '$gname'." + echo "" + echo "Would you like me to stop configuring sudo so that you can change this?"; + while true;do + echo -n "(Enter 'yes' to stop, enter to continue): " + read ans + [ "$ans" = "" ] && break + if [ "$ans" = "yes" -o "$ans" = "YES" ];then + echo "'dpkg --pending --configure' will restart the configuration.\n\n" + exit 1; + fi + echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" + done +fi + +echo "Creating group 'sudo' with gid = $gid"; +groupadd -g $gid sudo + +echo "" +