version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
Line 12 limited root privileges to users and log root activity
|
Line 12 limited root privileges to users and log root activity
|
The basic philosophy is to give as few privileges as possible but \ |
The basic philosophy is to give as few privileges as possible but \ |
still allow people to get their work done." |
still allow people to get their work done." |
vendor="Todd C. Miller" |
vendor="Todd C. Miller" |
copyright="(c) 1993-1996,1998-2011 Todd C. Miller" | copyright="(c) 1993-1996,1998-2012 Todd C. Miller" |
|
|
%if [aix] |
%if [aix] |
# AIX package summary is limited to 40 characters |
# AIX package summary is limited to 40 characters |
Line 74 still allow people to get their work done."
|
Line 74 still allow people to get their work done."
|
# Note that the order must match that of sudoers. |
# Note that the order must match that of sudoers. |
case "$pp_rpm_distro" in |
case "$pp_rpm_distro" in |
centos*|rhel*) |
centos*|rhel*) |
|
chmod u+w ${pp_destdir}${sudoersdir}/sudoers |
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' |
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' |
/Locale settings/+1,s/^# // |
/Locale settings/+1,s/^# // |
/Desktop path settings/+1,s/^# // |
/Desktop path settings/+1,s/^# // |
w |
w |
q |
q |
EOF |
EOF |
|
chmod u-w ${pp_destdir}${sudoersdir}/sudoers |
;; |
;; |
sles*) |
sles*) |
|
chmod u+w ${pp_destdir}${sudoersdir}/sudoers |
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' |
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' |
/Locale settings/+1,s/^# // |
/Locale settings/+1,s/^# // |
/ConsoleKit session/+1,s/^# // |
/ConsoleKit session/+1,s/^# // |
Line 90 still allow people to get their work done."
|
Line 93 still allow people to get their work done."
|
w |
w |
q |
q |
EOF |
EOF |
|
chmod u-w ${pp_destdir}${sudoersdir}/sudoers |
;; |
;; |
esac |
esac |
|
|
Line 157 still allow people to get their work done."
|
Line 161 still allow people to get their work done."
|
%if [deb] |
%if [deb] |
# Uncomment some Defaults and the %sudo rule in sudoers |
# Uncomment some Defaults and the %sudo rule in sudoers |
# Note that the order must match that of sudoers and be tab-indented. |
# Note that the order must match that of sudoers and be tab-indented. |
|
chmod u+w ${pp_destdir}${sudoersdir}/sudoers |
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' |
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' |
/Locale settings/+1,s/^# // |
/Locale settings/+1,s/^# // |
/X11 resource/+1,s/^# // |
/X11 resource/+1,s/^# // |
Line 164 still allow people to get their work done."
|
Line 169 still allow people to get their work done."
|
w |
w |
q |
q |
EOF |
EOF |
|
chmod u-w ${pp_destdir}${sudoersdir}/sudoers |
mkdir -p ${pp_destdir}/etc/pam.d |
mkdir -p ${pp_destdir}/etc/pam.d |
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF |
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF |
#%PAM-1.0 |
#%PAM-1.0 |
Line 176 still allow people to get their work done."
|
Line 182 still allow people to get their work done."
|
EOF |
EOF |
%endif |
%endif |
|
|
|
%if [macos] |
|
pp_macos_pkg_type=flat |
|
pp_macos_bundle_id=ws.sudo.pkg.sudo |
|
pp_macos_pkg_license=doc/LICENSE |
|
pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt |
|
perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt |
|
%endif |
|
|
# OS-level directories that should generally exist but might not. |
# OS-level directories that should generally exist but might not. |
extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"` |
extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"` |
extradirs="$extradirs `dirname $docdir` `dirname $timedir`" |
extradirs="$extradirs `dirname $docdir` `dirname $timedir`" |
Line 189 still allow people to get their work done."
|
Line 203 still allow people to get their work done."
|
osdirs=`echo $osdirs | tr " " "\n" | sort -u` |
osdirs=`echo $osdirs | tr " " "\n" | sort -u` |
|
|
%files |
%files |
$osdirs - | $osdirs - |
$bindir/sudo 4111 root: | $bindir/sudo 4111 root: |
$bindir/sudoedit 4111 root: | $bindir/sudoedit 4111 root: |
$sbindir/visudo 0111 | $sbindir/visudo 0111 |
$bindir/sudoreplay 0111 | $bindir/sudoreplay 0111 |
$includedir/sudo_plugin.h | $includedir/sudo_plugin.h 0444 |
$libexecdir/* optional | $libexecdir/* 0755 optional |
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid |
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid |
$timedir/ 0700 root: |
$timedir/ 0700 root: |
$docdir/ | $docdir/ 0755 |
$docdir/* | $docdir/sudoers2ldif 0555 optional,ignore-others |
$localedir/ optional | $docdir/* 0444 |
$localedir/** optional | $localedir/ - optional |
/etc/pam.d/* volatile,optional | $localedir/** 0444 optional |
| /etc/pam.d/* 0444 volatile,optional |
%if [rpm,deb] |
%if [rpm,deb] |
$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile |
$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile |
%else |
%else |
Line 219 still allow people to get their work done."
|
Line 234 still allow people to get their work done."
|
|
|
%post [!rpm,deb] |
%post [!rpm,deb] |
# Don't overwrite an existing sudoers file |
# Don't overwrite an existing sudoers file |
|
%if [solaris] |
|
sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir} |
|
%else |
sudoersdir=%{sudoersdir} |
sudoersdir=%{sudoersdir} |
|
%endif |
if test ! -r $sudoersdir/sudoers; then |
if test ! -r $sudoersdir/sudoers; then |
cp $sudoersdir/sudoers.dist $sudoersdir/sudoers |
cp $sudoersdir/sudoers.dist $sudoersdir/sudoers |
chmod %{sudoers_mode} $sudoersdir/sudoers |
chmod %{sudoers_mode} $sudoersdir/sudoers |
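Review bot: The new Solaris branch in the `%post` hunk builds `sudoersdir` from `${PKG_INSTALL_ROOT}`, but the `test`, `cp` and `chmod` lines after it still expand `$sudoersdir` unquoted. An install root containing whitespace or glob characters would be word-split in a post-install script that presumably runs with root privileges and writes the sudoers file. Quote the three uses: `if test ! -r "$sudoersdir/sudoers"; then`, `cp "$sudoersdir/sudoers.dist" "$sudoersdir/sudoers"`, `chmod %{sudoers_mode} "$sudoersdir/sudoers"`. The added `chmod u+w` / `chmod u-w` lines in the rpm and deb hunks expand `${pp_destdir}${sudoersdir}` unquoted in the same way, although those appear to run at package build time. The `if` block continues past the end of this hunk, so any later use of the variable is not visible here and would need the same quoting.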