diff options
author | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-02-02 19:29:26 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-02-02 19:29:26 -0700 |
commit | 43a423aedd70b14b7a70fdda02d3e7a6443ce9d5 (patch) | |
tree | 298aa0b652519bddf3b4519dd1549d5ed5bd5440 | |
parent | bc46007dc684c415d25e50f99e47ab3db726f004 (diff) | |
download | sudo-43a423aedd70b14b7a70fdda02d3e7a6443ce9d5.tar.gz |
Get rid of sudoersdir and just use sysconfdir.
There is no need for sudoersdir when it is always just set to sysconfdir.
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | etc/sudo.pp | 48 | ||||
-rw-r--r-- | plugins/sudoers/Makefile.in | 25 |
3 files changed, 29 insertions, 46 deletions
diff --git a/Makefile.in b/Makefile.in index 1dfc892c0..0b70609cb 100644 --- a/Makefile.in +++ b/Makefile.in @@ -47,7 +47,6 @@ install_uid = 0 install_gid = 0 # sudoers owner and mode for package building -sudoersdir = $(sysconfdir) sudoers_uid = @SUDOERS_UID@ sudoers_gid = @SUDOERS_GID@ sudoers_mode = @SUDOERS_MODE@ @@ -409,7 +408,6 @@ package: @PPFILES@ docdir=$(docdir) \ exampledir=$(exampledir) \ sysconfdir=$(sysconfdir) \ - sudoersdir=$(sudoersdir) \ sudoers_uid=$(sudoers_uid) \ sudoers_gid=$(sudoers_gid) \ sudoers_mode=$(sudoers_mode) \ diff --git a/etc/sudo.pp b/etc/sudo.pp index 2941ede60..4dd5e7c19 100644 --- a/etc/sudo.pp +++ b/etc/sudo.pp @@ -37,16 +37,6 @@ still allow people to get their work done." %if [macos] # System Integrity Protection on macOS won't allow us to write # directly to /etc or /var. We must install in /private instead. - case "$sudoersdir" in - /etc|/etc/*) - mkdir -p ${pp_destdir}/private - chmod 755 ${pp_destdir}/private - if test -d ${pp_destdir}/etc; then - mv ${pp_destdir}/etc ${pp_destdir}/private/etc - fi - sudoersdir="/private${sudoersdir}" - ;; - esac case "$sysconfdir" in /etc|/etc/*) mkdir -p ${pp_destdir}/private @@ -91,12 +81,12 @@ still allow people to get their work done." pp_rpm_requires="audit-libs >= $linux_audit" fi # The package manager will handle an existing sudoers file - rm -f ${pp_destdir}$sudoersdir/sudoers.dist + rm -f ${pp_destdir}${sysconfdir}/sudoers.dist %else # For all but RPM and Debian we copy sudoers in a post-install script. - rm -f ${pp_destdir}$sudoersdir/sudoers + rm -f ${pp_destdir}${sysconfdir}/sudoers # We install sudo.conf from the example dir in a post-install script. - rm -f ${pp_destdir}$sysconfdir/sudo.conf + rm -f ${pp_destdir}${sysconfdir}/sudo.conf %endif # Stash original docdir and exampledir @@ -177,12 +167,12 @@ still allow people to get their work done." # Uncomment some Defaults in sudoers case "$pp_rpm_distro" in centos*|rhel*|f[0-9]*) - sed -e '/Locale settings/{ N;s/\(\n\)# /\1/; }' -e '/Desktop path settings/{ N;s/\(\n\)# /\1/; }' -e '/allow members of group wheel to execute any command/{ N;s/\(\n\)# /\1/; }' ${pp_destdir}${sudoersdir}/sudoers > ${pp_destdir}${sudoersdir}/sudoers.$$ - mv -f ${pp_destdir}${sudoersdir}/sudoers.$$ ${pp_destdir}${sudoersdir}/sudoers + sed -e '/Locale settings/{ N;s/\(\n\)# /\1/; }' -e '/Desktop path settings/{ N;s/\(\n\)# /\1/; }' -e '/allow members of group wheel to execute any command/{ N;s/\(\n\)# /\1/; }' ${pp_destdir}${sysconfdir}/sudoers > ${pp_destdir}${sysconfdir}/sudoers.$$ + mv -f ${pp_destdir}${sysconfdir}/sudoers.$$ ${pp_destdir}${sysconfdir}/sudoers ;; sles*) - sed -e '/Locale settings/{ N;s/\(\n\)# /\1/; }' -e '/ConsoleKit session/{ N;s/\(\n\)# /\1/; }' -e '/allow any user to run sudo if they know the password/{ N;N;N;s/\(\n\)# /\1/g; }' ${pp_destdir}${sudoersdir}/sudoers > ${pp_destdir}${sudoersdir}/sudoers.$$ - mv -f ${pp_destdir}${sudoersdir}/sudoers.$$ ${pp_destdir}${sudoersdir}/sudoers + sed -e '/Locale settings/{ N;s/\(\n\)# /\1/; }' -e '/ConsoleKit session/{ N;s/\(\n\)# /\1/; }' -e '/allow any user to run sudo if they know the password/{ N;N;N;s/\(\n\)# /\1/g; }' ${pp_destdir}${sysconfdir}/sudoers > ${pp_destdir}${sysconfdir}/sudoers.$$ + mv -f ${pp_destdir}${sysconfdir}/sudoers.$$ ${pp_destdir}${sysconfdir}/sudoers ;; esac @@ -261,8 +251,8 @@ still allow people to get their work done." %if [deb] # Uncomment some Defaults and the %sudo rule in sudoers - sed -e '/Locale settings/{ N;s/\(\n\)# /\1/; }' -e '/X11 resource/{ N;s/\(\n\)# /\1/; }' -e 's/^# \(Defaults secure_path\)/\1/' -e 's/^# \(Defaults mail_badpass\)/\1/' -e 's/^# \(\%sudo\)/\1/' ${pp_destdir}${sudoersdir}/sudoers > ${pp_destdir}${sudoersdir}/sudoers.$$ - mv -f ${pp_destdir}${sudoersdir}/sudoers.$$ ${pp_destdir}${sudoersdir}/sudoers + sed -e '/Locale settings/{ N;s/\(\n\)# /\1/; }' -e '/X11 resource/{ N;s/\(\n\)# /\1/; }' -e 's/^# \(Defaults secure_path\)/\1/' -e 's/^# \(Defaults mail_badpass\)/\1/' -e 's/^# \(\%sudo\)/\1/' ${pp_destdir}${sysconfdir}/sudoers > ${pp_destdir}${sysconfdir}/sudoers.$$ + mv -f ${pp_destdir}${sysconfdir}/sudoers.$$ ${pp_destdir}${sysconfdir}/sudoers mkdir -p ${pp_destdir}/etc/pam.d # Create Debian PAM file, must be tab indented for "<<-" cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -377,7 +367,7 @@ still allow people to get their work done." $libexecdir/sudo/sesh 0755 optional,ignore-others $libexecdir/sudo/python* optional,ignore,ignore-others $libexecdir/sudo/* $shlib_mode optional - $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid + $sysconfdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid $rundir/ 0711 root: $vardir/ 0711 root: ignore-others $vardir/lectured/ 0700 root: @@ -398,10 +388,10 @@ still allow people to get their work done." $localedir/*/LC_MESSAGES/* 0644 optional /etc/pam.d/* 0644 volatile,optional %if [rpm,deb] - $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile + $sysconfdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile $sysconfdir/sudo.conf 0644 root: volatile %else - $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid + $sysconfdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid %endif $sysconfdir/sudo_logsrvd.conf optional,ignore,ignore-others %if X"$aix_freeware" = X"true" @@ -451,19 +441,17 @@ still allow people to get their work done." %post [!rpm,deb] # Don't overwrite existing sudoers or sudo.conf files %if [solaris] - sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir} sysconfdir=${PKG_INSTALL_ROOT}%{sysconfdir} exampledir=${PKG_INSTALL_ROOT}%{exampledir} %else - sudoersdir=%{sudoersdir} sysconfdir=%{sysconfdir} exampledir=%{exampledir} %endif - if test ! -r $sudoersdir/sudoers; then - cp $sudoersdir/sudoers.dist $sudoersdir/sudoers - chmod %{sudoers_mode} $sudoersdir/sudoers - chown %{sudoers_uid} $sudoersdir/sudoers - chgrp %{sudoers_gid} $sudoersdir/sudoers + if test ! -r $sysconfdir/sudoers; then + cp $sysconfdir/sudoers.dist $sysconfdir/sudoers + chmod %{sudoers_mode} $sysconfdir/sudoers + chown %{sudoers_uid} $sysconfdir/sudoers + chgrp %{sudoers_gid} $sysconfdir/sudoers fi if test ! -r $sysconfdir/sudo.conf; then cp $exampledir/sudo.conf $sysconfdir/sudo.conf @@ -476,7 +464,7 @@ still allow people to get their work done." # dpkg-deb does not maintain the mode on the sudoers file, and # installs it 0640 when sudo requires 0440 - chmod %{sudoers_mode} %{sudoersdir}/sudoers + chmod %{sudoers_mode} %{sysconfdir}/sudoers # create symlink to ease transition to new path for ldap config # if old config file exists and new one doesn't diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index c34090c15..2786d1ccd 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -72,7 +72,7 @@ TESTSUDOERS_LIBS = $(NET_LIBS) # C preprocessor defines CPPDEFS = -DLIBDIR=\"$(libdir)\" -DLOCALEDIR=\"$(localedir)\" \ - -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" \ + -D_PATH_SUDOERS=\"$(sysconfdir)/sudoers\" \ -D_PATH_CVTSUDOERS_CONF=\"$(sysconfdir)/cvtsudoers.conf\" \ -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) \ -DSUDOERS_MODE=$(sudoers_mode) @@ -135,9 +135,6 @@ shlib_opt = sudoers.opt # Directory in which to install the sudoers plugin plugindir = @plugindir@ -# Directory in which to install the sudoers file -sudoersdir = $(sysconfdir) - # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 @@ -546,9 +543,9 @@ sudoers: $(srcdir)/sudoers.in pre-install: visudo @if test X"$(cross_compiling)" != X"yes" -a X"$(DESTDIR)" = X""; then \ - if test -r $(sudoersdir)/sudoers; then \ + if test -r $(sysconfdir)/sudoers; then \ echo "Checking existing sudoers file for syntax errors."; \ - ./visudo -c -f $(sudoersdir)/sudoers; \ + ./visudo -c -f $(sysconfdir)/sudoers; \ fi; \ fi @@ -557,7 +554,7 @@ install: install-plugin install-binaries install-sudoers install-doc install-dirs: $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ $(DESTDIR)$(sbindir) $(DESTDIR)$(bindir) \ - $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ + $(DESTDIR)$(sysconfdir) $(DESTDIR)$(docdir) \ `echo $(DESTDIR)$(rundir)|$(SED) 's,/[^/]*$$,,'` \ `echo $(DESTDIR)$(vardir)|$(SED) 's,/[^/]*$$,,'` $(INSTALL) -d $(INSTALL_OWNER) -m 0711 $(DESTDIR)$(rundir) @@ -582,10 +579,10 @@ install-plugin: sudoers.la install-dirs esac install-sudoers: install-dirs - $(INSTALL) -d $(INSTALL_OWNER) -m 0750 $(DESTDIR)$(sudoersdir)/sudoers.d - $(INSTALL) $(INSTALL_OWNER) -m $(sudoers_mode) sudoers $(DESTDIR)$(sudoersdir)/sudoers.dist - test -r $(DESTDIR)$(sudoersdir)/sudoers || \ - cp -p $(DESTDIR)$(sudoersdir)/sudoers.dist $(DESTDIR)$(sudoersdir)/sudoers + $(INSTALL) -d $(INSTALL_OWNER) -m 0750 $(DESTDIR)$(sysconfdir)/sudoers.d + $(INSTALL) $(INSTALL_OWNER) -m $(sudoers_mode) sudoers $(DESTDIR)$(sysconfdir)/sudoers.dist + test -r $(DESTDIR)$(sysconfdir)/sudoers || \ + cp -p $(DESTDIR)$(sysconfdir)/sudoers.dist $(DESTDIR)$(sysconfdir)/sudoers install-fuzzer: $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) @if test X"$(FUZZ_DESTDIR)" = X""; then \ @@ -605,9 +602,9 @@ uninstall: $(DESTDIR)$(bindir)/sudoreplay$(INSTALL_BACKUP) \ $(DESTDIR)$(sbindir)/visudo$(INSTALL_BACKUP) \ $(DESTDIR)$(plugindir)/sudoers.so$(INSTALL_BACKUP) - -cmp $(DESTDIR)$(sudoersdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers.dist >/dev/null && \ - rm -f $(DESTDIR)$(sudoersdir)/sudoers - -rm -f $(DESTDIR)$(sudoersdir)/sudoers.dist + -cmp $(DESTDIR)$(sysconfdir)/sudoers $(DESTDIR)$(sysconfdir)/sudoers.dist >/dev/null && \ + rm -f $(DESTDIR)$(sysconfdir)/sudoers + -rm -f $(DESTDIR)$(sysconfdir)/sudoers.dist splint: splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c |