%define sysadmin_groupid 30 %define sysadmin_name sysadmin %define with_exempt 0 Name: sudo Version: 1.8.15 Release: 1mamba Summary: Allows restricted root access for specified users Group: System/Tools Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco URL: http://www.courtesan.com/sudo/ Source0: http://www.courtesan.com/sudo/dist/%{name}-%{version}.tar.gz Source1: %{name}-sudoers.conf Source2: %{name}-pam.conf Patch2: %{name}-1.6.8p9-samples.patch Patch3: %{name}-1.6.8p9-can_2005_2959.patch Patch4: %{name}-1.6.8p12-can_2006_0151.patch Patch5: %{name}-1.6.8p12-badenv_table_more.patch Patch6: %{name}-1.6.8p12-sudoers_man.patch Patch7: %{name}-1.7.0-disable_env_reset.patch Patch8: %{name}-1.8.6p4-qemu_no_geteuid.patch License: BSD ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel BuildRequires: libz-devel BuildRequires: perl-devel ## AUTOBUILDREQ-END BuildRequires: pam-devel %if "%{stage1}" != "1" BuildRequires: libopenldap-devel BuildRequires: vim %endif %if "%{stage1}" != "1" Requires: vim >= 6.3 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-root %description Sudo (superuser do) is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %prep %setup -q #%patch2 -p1 #%patch4 -p1 -b .can_2006_0151 %if %with_exempt %patch6 -p1 -b .sudoers_man %endif #%patch7 -p1 #%patch8 -p1 %build %configure \ --with-logging=syslog \ --with-logfac=authpriv \ %if "%{stage1}" != "1" --with-ldap \ %endif --with-pam \ --without-rpath \ --with-tty-tickets \ --with-editor=%{_bindir}/vi \ --with-env-editor \ --with-ignore-dot \ --with-all-insults \ --without-lecture \ --with-secure-path="\ /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/kde/bin:/opt/kde3/bin" \ --with-fqdn \ --with-rundir=/run/sudo \ %if %with_exempt --with-exempt=%{sysadmin_name} \ %endif --disable-root-mailer \ --with-sendmail=/usr/sbin/sendmail \ --disable-setresuid # --disable-envreset # --with-password-timeout=0 %make %install [ "%{buildroot}" != / ] && rm -rf %{buildroot} %makeinstall \ install_uid=`id -u` \ install_gid=`id -g` \ sudoers_uid=`id -u` \ sudoers_gid=`id -g` rm -f %{buildroot}%{_bindir}/sudoedit ln -sf sudo %{buildroot}%{_bindir}/sudoedit install -D -m0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo install -d %{buildroot}%{_var}/log touch %{buildroot}%{_var}/log/%{name}.log install -d -m 510 %{buildroot}%{_sysconfdir}/sudoers.d %find_lang %{name} %find_lang sudoers cat sudoers.lang >> %{name}.lang %clean [ "%{buildroot}" != / ] && rm -rf %{buildroot} %pre groupadd sysadmin -g %{sysadmin_groupid} 2>/dev/null || : exit 0 %post if [ $1 -gt 1 ]; then %tmpfiles_create sudo.conf /bin/chmod 0440 %{_sysconfdir}/sudoers || : grep guarddog %{_sysconfdir}/sudoers >/dev/null && \ sed -i "s|/opt/kde3/bin/guarddog|/usr/sbin/ufw|" %{_sysconfdir}/sudoers #grep "/etc/sudoers\.d" %{_sysconfdir}/sudoers >/dev/null || \ # echo "#includedir /etc/sudoers.d" >> %{_sysconfdir}/sudoers fi exit 0 %files -f %{name}.lang %defattr(-,root,root) %attr(0110,root,root) %{_sysconfdir}/sudoers.d %attr(0440,root,root) %config %{_sysconfdir}/sudoers %attr(4111,root,root) %{_bindir}/sudo %attr(4111,root,root) %{_bindir}/sudoedit %attr(4111,root,root) %{_bindir}/sudoreplay %attr(0755,root,root) %{_sbindir}/visudo %config %{_sysconfdir}/pam.d/sudo %dir %{_libexecdir}/sudo %{_libexecdir}/sudo/group_file.la %{_libexecdir}/sudo/group_file.so %{_libexecdir}/sudo/libsudo_util.la %{_libexecdir}/sudo/libsudo_util.so %{_libexecdir}/sudo/libsudo_util.so.* %{_libexecdir}/sudo/sudo_noexec.la %{_libexecdir}/sudo/sudo_noexec.so %{_libexecdir}/sudo/sudoers.la %{_libexecdir}/sudo/sudoers.so %{_libexecdir}/sudo/system_group.la %{_libexecdir}/sudo/system_group.so %{_includedir}/sudo_plugin.h %{_prefix}/lib/tmpfiles.d/sudo.conf %ghost %{_var}/log/%{name}.log %attr(0700,root,root) %{_localstatedir}/db/sudo %dir %{_docdir}/sudo %{_docdir}/sudo/* %{_mandir}/man5/sudo.conf.5* %{_mandir}/man5/sudoers.* %{_mandir}/man8/sudo.* %{_mandir}/man8/sudoreplay.* %{_mandir}/man8/sudoedit.* %{_mandir}/man8/visudo.* %{_mandir}/man8/sudo_plugin.8* %doc doc/LICENSE #%doc ChangeLog README README.LDAP %changelog * Sat Nov 07 2015 Automatic Build System 1.8.15-1mamba - automatic version update by autodist * Wed Aug 19 2015 Silvan Calarco 1.8.14p3-2mamba - fix rundir * Sun Aug 02 2015 Silvan Calarco 1.8.14p3-1mamba - update to 1.8.14p3 * Wed Apr 01 2015 Automatic Build System 1.8.13-1mamba - automatic version update by autodist * Sun Feb 22 2015 Automatic Build System 1.8.12-1mamba - automatic version update by autodist * Tue Oct 28 2014 Silvan Calarco 1.8.11p1-1mamba - update to 1.8.11p1 - sudoers: enable /sbin/ldconfig for DISTRO_CMD users * Thu Jul 03 2014 Silvan Calarco 1.8.9p5-2mamba - /etc/sudoers: remove old programs and add ufw to SYSADM_CMD (to fix mambatray enable/disable) * Wed May 28 2014 Automatic Build System 1.8.9p5-1mamba - automatic update by autodist * Sat Feb 01 2014 Silvan Calarco 1.8.9p4-1mamba - update to 1.8.9p4 * Fri Oct 04 2013 Automatic Build System 1.8.8-1mamba - automatic update by autodist * Mon Jun 17 2013 Automatic Build System 1.8.7-1mamba - automatic version update by autodist * Tue Apr 16 2013 Automatic Build System 1.8.6p8-1mamba - automatic version update by autodist * Fri Mar 01 2013 Automatic Build System 1.8.6p7-1mamba - automatic version update by autodist * Wed Jan 23 2013 Automatic Build System 1.8.6p4-1mamba - automatic version update by autodist * Wed Sep 19 2012 Automatic Build System 1.8.6p3-1mamba - automatic version update by autodist * Sun Jun 26 2011 Automatic Build System 1.8.1p2-1mamba - automatic update by autodist * Wed Feb 02 2011 Automatic Build System 1.7.4p6-1mamba - automatic update by autodist * Tue Jan 11 2011 Silvan Calarco 1.7.4p4-2mamba - sudoers: change path or rpm from /bin/rpm to /usr/bin/rpm (rpm 5) * Wed Nov 10 2010 Automatic Build System 1.7.4p4-1mamba - automatic update by autodist * Fri Sep 03 2010 Silvan Calarco 1.7.4p3-2mamba - create and own /var/db/sudo * Sun Aug 22 2010 Silvan Calarco 1.7.4p3-1mamba - update to 1.7.4p3 - added support for /etc/sudoers.d directory * Mon Jun 21 2010 Automatic Build System 1.7.2p7-1mamba - automatic update by autodist * Mon Feb 15 2010 Silvan Calarco 1.7.2p2-3mamba - /opt/kde3/bin/kcmshell removed from /etc/sudoers * Wed Jan 06 2010 Silvan Calarco 1.7.2p2-2mamba - add /usr/bin/smart to sudoers DISTRO_CMD * Tue Dec 08 2009 Automatic Build System 1.7.2p2-1mamba - automatic update by autodist * Wed Jul 29 2009 Automatic Build System 1.7.2p1-1mamba - automatic update by autodist * Fri Jul 17 2009 Automatic Build System 1.7.2-1mamba - automatic update by autodist * Sun Apr 19 2009 Automatic Build System 1.7.1-1mamba - automatic update by autodist * Sat Apr 04 2009 Silvan Calarco 1.7.0-1mamba - automatic update by autodist * Sun Feb 01 2009 Silvan Calarco 1.6.9p20-1mamba - update to 1.6.9p20 - added support for kde4 binaries path * Wed Dec 03 2008 Silvan Calarco 1.6.9p18-1mamba - automatic update by autodist * Thu May 08 2008 Silvan Calarco 1.6.9p15-2mamba - added kde3 path to secure dirs; removed /usr/X11R6/bin - added patch that disables default environment reset * Mon Mar 31 2008 Silvan Calarco 1.6.9p15-1mamba - update to 1.6.9p15 - sudoers: allow execution of all commands in system path to sysadmin group requiring user password - removed pam, badenv table and can_2006_0151 patches applied upstream * Fri Dec 28 2007 Silvan Calarco 1.6.8p12-13mamba - removed a message when installing/upgrading * Tue Nov 27 2007 Silvan Calarco 1.6.8p12-12mamba - sudoers: added /opt/kde3/bin/mambapt in DISTRO_CMD - sudoers: removed obsolete EXTRA_CMD (/usr/bin/updatechecker and /usr/bin/activate) * Thu Nov 22 2007 Silvan Calarco 1.6.8p12-11mamba - fixed pam configuration file * Mon Nov 19 2007 Silvan Calarco 1.6.8p12-10mamba - added guarddog and kcmshell to SYSADM_CMD * Tue Jun 27 2006 Massimo Pintore 1.6.8p12-9qilnx - added EXTRA_CMD alias in sudoers file * Fri Apr 21 2006 Silvan Calarco 1.6.8p12-8qilnx - added /usr/bin/apt-cdrom and /usr/bin/updatechecker in sudoers file * Thu Apr 06 2006 Davide Madrisan 1.6.8p12-7qilnx - option '--with-exempt=%{sysadmin_name}' disabled * Wed Apr 05 2006 Davide Madrisan 1.6.8p12-6qilnx - rebuild with the option '--with-exempt=%{sysadmin_name}' - removed patch for CAN-2005-2959 (fixed upstream) * Tue Feb 14 2006 Silvan Calarco 1.6.8p12-5qilnx - create and handle sysadmin group * Mon Feb 06 2006 Davide Madrisan 1.6.8p12-4qilnx - new patch for CVE-2006-0151 * Wed Jan 25 2006 Silvan Calarco 1.6.8p12-3qilnx - allow "packager" group users to execute rpm, apt-get and synaptic * Mon Jan 23 2006 Davide Madrisan 1.6.8p12-2qilnx - security update for CVE-2006-0151 (qibug#117) * Mon Nov 14 2005 Davide Madrisan 1.6.8p12-1qilnx - update to version 1.6.8p12 by autospec - also fixes a security issue in perl scripts (QiLinux bug#69) * Wed Oct 26 2005 Davide Madrisan 1.6.8p9-2qilnx - security fix for CAN-2005-2959 (closes: #55) * Fri Sep 30 2005 Davide Madrisan 1.6.8p9-1qilnx - package created by autospec