From 1b36b7eab98cc7e52e8a1e19d3545028a9e6e4b1 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Fri, 5 Jan 2024 18:11:20 +0100 Subject: [PATCH] remove obsolete entries from default /etc/sudoers file NOPASSWD rpm and dnf only for packager group, no longer for sysadmin [release 1.9.12-2mamba;Tue Jan 24 2023] --- sudo-sudoers.conf | 9 ++++----- sudo.spec | 8 +++++--- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/sudo-sudoers.conf b/sudo-sudoers.conf index 7948877..25b1f44 100644 --- a/sudo-sudoers.conf +++ b/sudo-sudoers.conf @@ -10,10 +10,10 @@ # User alias specification # Cmnd alias specification -Cmnd_Alias DISTRO_CMD = /usr/bin/rpm, /usr/bin/dnf, /usr/bin/smart, /sbin/ldconfig +Cmnd_Alias PACKAGER_CMD = /usr/bin/rpm, /usr/bin/dnf, /usr/sbin/ldconfig # Cmnd_Alias EXTRA_CMD = -Cmnd_Alias SYSADM_CMD = /bin/systemctl, /bin/journalctl, /usr/sbin/ufw -Cmnd_Alias SYSADM_CMD_PASSWD = /sbin/*, /usr/sbin/*, /bin/*, /usr/bin/*, /opt/kde/bin/*, /opt/kde3/bin/* +Cmnd_Alias SYSADM_CMD = /usr/bin/systemctl, /usr/bin/journalctl, /usr/sbin/ufw +Cmnd_Alias SYSADM_CMD_PASSWD = /sbin/*, /usr/sbin/*, /bin/*, /usr/bin/*, /opt/kde/bin/* # Defaults specification @@ -27,8 +27,7 @@ root ALL=(ALL) ALL # %users localhost=/sbin/shutdown -h now %sysadmin ALL = PASSWD: ALL -%packager ALL = NOPASSWD: DISTRO_CMD -%sysadmin ALL = NOPASSWD: DISTRO_CMD +%packager ALL = NOPASSWD: PACKAGER_CMD %sysadmin ALL = NOPASSWD: SYSADM_CMD # %sysadmin ALL = NOPASSWD: EXTRA_CMD diff --git a/sudo.spec b/sudo.spec index 7f44f2e..4f5181b 100644 --- a/sudo.spec +++ b/sudo.spec @@ -5,7 +5,7 @@ Name: sudo Version: 1.9.12 -Release: 1mamba +Release: 2mamba Summary: Allows restricted root access for specified users Group: System/Tools Vendor: openmamba @@ -25,8 +25,6 @@ Patch8: %{name}-1.8.6p4-qemu_no_geteuid.patch License: BSD ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel -BuildRequires: libaudit-devel -BuildRequires: libcap-ng-devel BuildRequires: libopenldap-devel BuildRequires: libopenssl-devel BuildRequires: libpam-devel @@ -178,6 +176,10 @@ exit 0 #%doc ChangeLog README README.LDAP %changelog +* Tue Jan 24 2023 Silvan Calarco 1.9.12-2mamba +- remove obsolete entries from default /etc/sudoers file +- NOPASSWD rpm and dnf only for packager group, no longer for sysadmin + * Tue Oct 25 2022 Automatic Build System 1.9.12-1mamba - automatic version update by autodist