Annotation of embedaddon/sudo/sudo.pp, revision 1.1
%set
# Package naming. A non-empty $flavor yields a distinctly named package
# ("sudo-$flavor" / "sudo_$flavor"); otherwise the plain "sudo" names are used.
# $flavor is not assigned in this section -- presumably supplied by the
# build; confirm.
if test -n "$flavor"; then
name="sudo-$flavor"
pp_kit_package="sudo_$flavor"
else
name="sudo"
pp_kit_package="sudo"
fi
# Free-text metadata for the generated packages.
summary="Provide limited super-user privileges to specific users"
description="Sudo is a program designed to allow a sysadmin to give \
limited root privileges to users and log root activity.  \
The basic philosophy is to give as few privileges as possible but \
still allow people to get their work done."
vendor="Todd C. Miller"
copyright="(c) 1993-1996,1998-2011 Todd C. Miller"
! 16:
! 17: %if [aix]
! 18: # AIX package summary is limited to 40 characters
! 19: summary="Configurable super-user privileges"
! 20:
! 21: # Convert to 4 part version for AIX, including patch level
! 22: pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
! 23: %endif
! 24:
! 25: %if [kit]
! 26: # Strip off patchlevel for kit which only supports xyz versions
! 27: pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
! 28: pp_kit_name="TCM"
! 29: %endif
! 30:
! 31: %if [sd]
! 32: pp_sd_vendor_tag="TCM"
! 33: %endif
! 34:
! 35: %if [solaris]
! 36: pp_solaris_name="TCM${name}"
! 37: pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
! 38: %endif
! 39:
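%if [rpm,deb]
# Convert patch level into release and remove from version
# Release is the numeric patch level plus one; a version with no "pN" suffix
# yields release 1 because the failed match falls back to 0.
pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
# Version is the text in front of the "pN" suffix. The "\| $version" fallback
# keeps the full version string when there is no suffix; without it expr
# prints an empty string for an unpatched release and pp_rpm_version (and
# pp_deb_version below) would be set to nothing.
pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*' \| $version \)`"
pp_rpm_license="BSD"
pp_rpm_url="http://www.sudo.ws/"
pp_rpm_group="Applications/System"
pp_rpm_packager="Todd.Miller@courtesan.com"
# Only declare the audit-libs dependency when the build set $linux_audit;
# its value is used as the minimum required version.
if test -n "$linux_audit"; then
pp_rpm_requires="audit-libs >= $linux_audit"
fi

# Debian packages reuse the RPM-derived maintainer, release and version.
pp_deb_maintainer="$pp_rpm_packager"
pp_deb_release="$pp_rpm_release"
pp_deb_version="$pp_rpm_version"
%else
# For all but RPM and Debian we need to install sudoers with a different
# name and make a copy of it if there is no existing file.
# The copy itself is made by the "%post [!rpm,deb]" script, so an
# administrator's existing sudoers policy is never replaced by the package.
mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
%endif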
! 60:
%if [rpm]
# Add distro info to release
# osrelease is what remains of $pp_rpm_distro after removing everything in
# front of the first digit and everything from the first "-" onward.
osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
case "$pp_rpm_distro" in
centos*|rhel*)
# ${osrelease%%[0-9]} drops exactly one trailing digit -- presumably the
# minor version, leaving the major number for the ".elN" tag; confirm
# against the format of pp_rpm_distro.
pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
;;
sles*)
pp_rpm_release="$pp_rpm_release.sles$osrelease"
;;
esac

# Uncomment some Defaults in sudoers
# Note that the order must match that of sudoers.
# Each ed command finds a marker line by its text and strips the leading "# "
# from a line at a fixed offset below it. The here-document delimiter is
# quoted, so the shell does not expand anything inside the ed script.
# NOTE(review): the exit status of ed is not checked in this section; if a
# marker no longer matches the shipped sudoers, the edit is presumably lost
# without a diagnostic -- confirm how pp runs %set.
case "$pp_rpm_distro" in
centos*|rhel*)
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
/Locale settings/+1,s/^# //
/Desktop path settings/+1,s/^# //
w
q
EOF
;;
sles*)
# NOTE(review): the last two commands enable the two lines that follow the
# "allow any user to run sudo if they know the password" marker. That widens
# the default policy of the packaged sudoers on SLES; verify which lines sit
# at +2 and +3 in the sudoers file being shipped.
/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
/Locale settings/+1,s/^# //
/ConsoleKit session/+1,s/^# //
/allow any user to run sudo if they know the password/+2,s/^# //
/allow any user to run sudo if they know the password/+3,s/^# //
w
q
EOF
;;
esac

# For RedHat the doc dir is expected to include version and release
case "$pp_rpm_distro" in
centos*|rhel*)
# docdir is reassigned after the move so later uses of $docdir in this file
# (the osdirs computation and %files) refer to the renamed directory.
mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
docdir=${docdir}-${version}-${pp_rpm_release}
;;
esac

# Choose the correct PAM file by distro, must be tab indented for "<<-"
# These here-documents use an unquoted delimiter, so the shell would expand
# "$" or backquotes in the body; the PAM stanzas below contain neither.
case "$pp_rpm_distro" in
centos*|rhel*)
mkdir -p ${pp_destdir}/etc/pam.d
# $osrelease is unquoted and compared as an integer; an empty value makes
# test fail, which selects the else branch.
# Below 50: single "sudo" service built on pam_stack.so.
if test $osrelease -lt 50; then
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
#%PAM-1.0
auth       required	pam_stack.so service=system-auth
account    required	pam_stack.so service=system-auth
password   required	pam_stack.so service=system-auth
session    required	pam_limits.so
EOF
else
# 50 and above: "sudo" includes system-auth, and a second "sudo-i" service is
# written that includes "sudo" for auth/account/password.
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
#%PAM-1.0
auth       include	system-auth
account    include	system-auth
password   include	system-auth
session    optional	pam_keyinit.so revoke
session    required	pam_limits.so
EOF
cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
#%PAM-1.0
auth       include	sudo
account    include	sudo
password   include	sudo
session    optional	pam_keyinit.so force revoke
session    required	pam_limits.so
EOF
fi
;;
sles*)
mkdir -p ${pp_destdir}/etc/pam.d
# Below 10: auth through pam_unix2.so only; no account or password stanza is
# written in that branch.
if test $osrelease -lt 10; then
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
#%PAM-1.0
auth     required       pam_unix2.so
session  required       pam_limits.so
EOF
else
# 10 and above: every stack is delegated to the common-* files.
cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
#%PAM-1.0
auth     include	common-auth
account  include	common-account
password include	common-password
session  include	common-session
# session  optional	pam_xauth.so
EOF
fi
;;
esac
%endif
! 156:
! 157: %if [deb]
! 158: # Uncomment some Defaults and the %sudo rule in sudoers
! 159: # Note that the order must match that of sudoers and be tab-indented.
! 160: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
! 161: /Locale settings/+1,s/^# //
! 162: /X11 resource/+1,s/^# //
! 163: /^# \%sudo/,s/^# //
! 164: w
! 165: q
! 166: EOF
! 167: mkdir -p ${pp_destdir}/etc/pam.d
! 168: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
! 169: #%PAM-1.0
! 170:
! 171: @include common-auth
! 172: @include common-account
! 173:
! 174: session required pam_permit.so
! 175: session required pam_limits.so
! 176: EOF
! 177: %endif
! 178:
# OS-level directories that should generally exist but might not.
# Start from the staged man/cat subdirectories, with the staging prefix
# removed so the paths are relative to the installed root.
extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
# Add the parents of the doc and timestamp directories.
extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
# /etc/pam.d is only listed when one of the sections above created it.
test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
# For every directory, record it and each of its ancestors up to (but not
# including) "/". ${osdirs+ } inserts a separating space once osdirs is set.
# NOTE(review): the inner loop ends only when dirname reaches "/", so it
# assumes every path here is absolute; a relative path would settle on "."
# and never terminate.
for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
while test "$dir" != "/"; do
osdirs="${osdirs}${osdirs+ }$dir/"
dir=`dirname $dir`
done
done
# One directory per line, sorted, duplicates removed.
osdirs=`echo $osdirs | tr " " "\n" | sort -u`
! 190:
! 191: %files
! 192: $osdirs -
! 193: $bindir/sudo 4111 root:
! 194: $bindir/sudoedit 4111 root:
! 195: $sbindir/visudo 0111
! 196: $bindir/sudoreplay 0111
! 197: $includedir/sudo_plugin.h
! 198: $libexecdir/* optional
! 199: $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
! 200: $timedir/ 0700 root:
! 201: $docdir/
! 202: $docdir/*
! 203: $localedir/ optional
! 204: $localedir/** optional
! 205: /etc/pam.d/* volatile,optional
! 206: %if [rpm,deb]
! 207: $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
! 208: %else
! 209: $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
! 210: %endif
! 211:
! 212: %files [!aix]
! 213: $mandir/man*/*
! 214:
! 215: %files [aix]
! 216: # Some versions use catpages, some use manpages.
! 217: $mandir/cat*/* optional
! 218: $mandir/man*/* optional
! 219:
%post [!rpm,deb]
# Don't overwrite an existing sudoers file
# The percent-brace references are placeholders that are replaced with the
# values from %set -- presumably when the package is built; confirm.
sudoersdir=%{sudoersdir}
# Only when no readable sudoers is present: copy the packaged sudoers.dist
# into place, then set its mode, owner and group. An existing sudoers keeps
# its content, mode and ownership. The results of cp/chmod/chown/chgrp are
# not checked here.
if test ! -r $sudoersdir/sudoers; then
cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
chmod %{sudoers_mode} $sudoersdir/sudoers
chown %{sudoers_uid} $sudoersdir/sudoers
chgrp %{sudoers_gid} $sudoersdir/sudoers
fi
! 229:
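%post [deb]
# Debian post-install: restore the sudoers mode, add a compatibility symlink
# for the ldap flavor, and make sure the "sudo" group exists.

# dpkg-deb does not maintain the mode on the sudoers file, and
# installs it 0640 when sudo requires 0440
chmod %{sudoers_mode} %{sudoersdir}/sudoers

# create symlink to ease transition to new path for ldap config
# if old config file exists and new one doesn't
if test X"%{flavor}" = X"ldap" -a \
-r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
fi

# Debian uses a sudo group in its default sudoers file
# The Perl code below sits inside a single-quoted shell string, so it must
# not contain an apostrophe (comments included).
perl -e '
    # Nothing to do when the group already exists.
    exit 0 if getgrnam("sudo");
    $gid = 27;	# default debian sudo gid
    setgrent();
    # Walk upward from 27 to the first gid that is not already in use.
    while (getgrgid($gid)) { $gid++; }
    if ($gid != 27) {
        # gid 27 belongs to another group: tell the administrator and offer
        # to stop. An empty or missing answer means "no" and setup continues.
        print "On Debian we normally use gid 27 for \"sudo\".\n";
        $gname = getgrgid(27);
        print "However, on your system gid 27 is group \"$gname\".\n\n";
        print "Would you like me to stop configuring sudo so that you can change this? [n] ";
        $ans = <STDIN>;
        if ($ans =~ /^[yY]/) {
            print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
            exit 1;
        }
    }
    print "Creating group \"sudo\" with gid = $gid\n";
    # List form runs groupadd directly, with no shell parsing the arguments.
    $status = system("groupadd", "-g", $gid, "sudo");
    if ($status != 0) {
        # Group creation stays best-effort (the script still exits 0), but a
        # failure is reported instead of passing silently: the sudo group
        # rule in sudoers would otherwise name a group that does not exist.
        print STDERR "Warning: groupadd failed (status $status); group \"sudo\" was not created\n";
    }
    exit 0;
'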
! 263:
%preun [deb]
# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
# it matches what we created in the postinstall script.
# Only the ldap flavor is considered, and the link is removed only when
# readlink reports exactly /etc/ldap/ldap.conf as its target; a regular file
# or a link pointing elsewhere is left alone (readlink errors are discarded,
# giving an empty string that cannot match).
if test X"%{flavor}" = X"ldap" -a \
X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
rm -f /etc/sudo-ldap.conf
fi