don't use NOPASSWD in the default sudoers file

diff --git a/debian/changelog b/debian/changelog
index cb081009f26c3a5f9a3aa17ecff0f549a3031cae..88e277486201a185a310ce68b6397f1f7f6bb31b 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+sudo (1.7.2-2) UNRELEASED; urgency=low
+
+  * further improve initial sudoers to not include the NOPASSWD option on 
+    the group sudo exception, closes: #539136, #198991
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 29 Jul 2009 16:21:04 +0200
+
 sudo (1.7.2-1) unstable; urgency=low
 
   * new upstream version, closes: #537103

diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst
index e464377bd4f9677d80b8adae79d3bcf555141511..5145cc9b74289f9296021e0591851ab414e051ea 100644 (file)
--- a/debian/sudo-ldap.postinst
+++ b/debian/sudo-ldap.postinst
@@ -23,7 +23,7 @@ if ( ! -f "/etc/sudoers") {
          "# Allow members of group sudo to not need a password\n",
          "# (Note that later entries override this, so you might need to move\n",
           "# it further down)\n",
-         "%sudo ALL=(ALL) NOPASSWD: ALL\n";
+         "%sudo ALL=(ALL) ALL\n";
        close SUDOERS;
 
 }

diff --git a/debian/sudo.postinst b/debian/sudo.postinst
index c1a8b519f959873bd703639e5e799acb1538d370..c4f948220a7a08d7916094fa1b9e0c0a70a4f6e6 100644 (file)
--- a/debian/sudo.postinst
+++ b/debian/sudo.postinst
@@ -23,7 +23,7 @@ if ( ! -f "/etc/sudoers") {
          "# Allow members of group sudo to not need a password\n",
          "# (Note that later entries override this, so you might need to move\n",
           "# it further down)\n",
-         "%sudo ALL=(ALL) NOPASSWD: ALL\n";
+         "%sudo ALL=(ALL) ALL\n";
        close SUDOERS;
 
 }