From: Bdale Garbee Date: Mon, 31 Aug 2009 21:10:11 +0000 (-0600) Subject: there must be at least one file in /etc/sudoers.d with permissions 0440, X-Git-Tag: debian/1.7.2p1-1~6 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=ae5bc08ccdea37bfadec0a4a73355e1b21342f15;p=debian%2Fsudo there must be at least one file in /etc/sudoers.d with permissions 0440, which we will finesse by delivering a README file in valid syntax there... --- diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..235fd7a --- /dev/null +++ b/debian/README @@ -0,0 +1,18 @@ +# +# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on +# installation of the package now includes the directive: +# +# #includedir /etc/sudoers.d +# +# This will cause sudo to read and parse any files in the /etc/sudoers.d +# directory that do not end in '~' or contain a '.' character. +# +# Note that there must be at least one file in the sudoers.d directory (this +# one will do), and all files in this directory must be mode 0440. +# +# Note that because the sudoers file is not a 'conffile' in the Debian sense, +# and sudoers contents can very widely, no attempt is made to add this directive +# to existing sudoers files on upgrade. Feel free to add the above directive +# to the end of your /etc/sudoers file to enable this functionality for existing +# installations if you wish! +# diff --git a/debian/README.Debian b/debian/README.Debian index c89e431..ae4212f 100644 --- a/debian/README.Debian +++ b/debian/README.Debian 
@@ -1,19 +1,3 @@ -As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on -installation of the package now includes the directive: - - #includedir /etc/sudoers.d - -This will cause sudo to read and parse any files in the /etc/sudoers.d -directory that do not end in '~' or contain a '.' character. - -Note that because the sudoers file is not a 'conffile' in the Debian sense, -and sudoers contents can very widely, no attempt is made to add this directive -to existing sudoers files on upgrade. Feel free to add the above directive -to the end of your /etc/sudoers file to enable this functionality for existing -installations if you wish! - - - - - - - - The version of sudo that ships with Debian by default resets the environment, as described by the "env_reset" flag in the sudoers file. diff --git a/debian/rules b/debian/rules index 8d4ea40..57580d1 100755 --- a/debian/rules +++ b/debian/rules @@ -102,12 +102,14 @@ install: build-stamp debian/sudo-ldap/etc/pam.d/sudo install -o root -g root -m 0644 $(CURDIR)/debian/sudo.lintian \ - debian/sudo/usr/share/lintian/overrides/sudo + $(CURDIR)/debian/sudo/usr/share/lintian/overrides/sudo install -o root -g root -m 0644 $(CURDIR)/debian/sudo-ldap.lintian \ - debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap + $(CURDIR)/debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap - ln -s /usr/share/doc/sudo/README.Debian debian/sudo/etc/sudoers.d - ln -s /usr/share/doc/sudo/README.Debian debian/sudo-ldap/etc/sudoers.d + install -o root -g root -m 0440 $(CURDIR)/debian/README \ + $(CURDIR)/debian/sudo/etc/sudoers.d/README + install -o root -g root -m 0440 $(CURDIR)/debian/README \ + $(CURDIR)/debian/sudo-ldap/etc/sudoers.d/README binary-indep: build install
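Review bot: In the new debian/README, the line "+# and sudoers contents can very widely, no attempt is made to add this directive" carries the typo over from README.Debian; it should read "vary widely". The file name contains no '.' and does not end in '~', so under the rule the text itself states this README is parsed by sudo. The parenthetical "(this one will do)" only hints at that. Say outright that the file is read as sudoers input and that every line in it has to stay a comment.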
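Review bot: In debian/README.Debian, the hunk "@@ -1,19 +1,3 @@" removes the whole #includedir explanation and leaves no trace of it, so someone reading README.Debian after an upgrade finds nothing about the directive or where the text went. Keep a one-line pointer to /etc/sudoers.d/README ahead of the env_reset paragraph.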
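Review bot: In debian/rules, the two new "install -o root -g root -m 0440 $(CURDIR)/debian/README" commands deliver a file that sudo will parse, but nothing in the install target checks that debian/README is still valid sudoers syntax. A visudo -c -f run against $(CURDIR)/debian/README before the install lines would catch a later edit that adds a non-comment line. Separately, the change of the two lintian override destinations to $(CURDIR)/ paths is unrelated to the sudoers.d fix and the commit message does not mention it; note it there or move it to its own commit.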