From c3b4e4ce3e6ac4c62000880fc0c3e3f87124cf7f Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 8 Jul 2015 16:15:53 -0600 Subject: [PATCH] Update Debian/Ubuntu packages to be more like the vendor ones. One notable exception is that sudo.ws packages use /var/run, not /var/lib for timestamp files. --- mkpkg | 7 +++++-- plugins/sudoers/sudoers.in | 6 ++++++ sudo.pp | 4 +++- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/mkpkg b/mkpkg index b0aa82b1f..6fc2916dc 100755 --- a/mkpkg +++ b/mkpkg @@ -194,8 +194,10 @@ case "$osversion" in if test "$flavor" = "ldap"; then configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf" + else + configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd + --with-sssd-lib=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)" fi - configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" configure_opts="--prefix=/usr --with-all-insults --with-pam @@ -212,7 +214,8 @@ case "$osversion" in --with-sendmail=/usr/sbin/sendmail --mandir=/usr/share/man --libexecdir=/usr/lib - --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin + --with-selinux + --with-linux-audit $configure_opts" ;; macos*) diff --git a/plugins/sudoers/sudoers.in b/plugins/sudoers/sudoers.in index b0c38bf51..6216dfd6c 100644 --- a/plugins/sudoers/sudoers.in +++ b/plugins/sudoers/sudoers.in @@ -56,6 +56,12 @@ ## this may allow users to subvert the command being run via sudo. # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" ## +## Uncomment to use a hard-coded PATH instead of the user's to find commands +# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +## +## Uncomment to send mail if the user does not enter the correct password. +# Defaults mail_badpass +## ## Uncomment to enable logging of a command's output, except for ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. # Defaults log_output diff --git a/sudo.pp b/sudo.pp index 111f0d4aa..3cd57f806 100644 --- a/sudo.pp +++ b/sudo.pp @@ -195,6 +195,8 @@ still allow people to get their work done." /Locale settings/+1,s/^# // /X11 resource/+1,s/^# // /^# \%sudo/,s/^# // + /^# Defaults secure_path/,s/^# // + /^# Defaults mail_badpass/,s/^# // w q EOF @@ -244,7 +246,7 @@ still allow people to get their work done." fi %depend [deb] - libc6, libpam0g, libpam-modules, zlib1g, libselinux1 + libc6, libpam0g, libpam-modules, zlib1g, libselinux1, libaudit1 %fixup [deb] # Add Conflicts, Replaces headers and add libldap depedency as needed. -- 2.40.0