authorStephen Hemminger <stephen.hemminger@vyatta.com>2008-07-04 13:06:19 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2008-07-04 13:09:44 -0700
commit28b7618bf24ea745d5d7e5a287de1aa728111d08 (patch)
treed56beadd76a99fa795c8ccb939393c9115c3419d
parent1fb175a266e45828a5588e2f44660c2a70057bf0 (diff)
downloadvyatta-cfg-quagga-28b7618bf24ea745d5d7e5a287de1aa728111d08.tar.gz
vyatta-cfg-quagga-28b7618bf24ea745d5d7e5a287de1aa728111d08.zip
Modify upgrade procedure for /etc/sudoers
0) make backup of file 1) remove old glendale entries 2) put all vyatta entries in one block 3) remove vyatta entries on package removal
-rw-r--r--debian/vyatta-cfg-system.postinst.in45
-rw-r--r--debian/vyatta-cfg-system.postrm3
2 files changed, 25 insertions, 23 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index d6497529..735b28e7 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -23,16 +23,27 @@ esac
ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules
if [ "$sysconfdir" != "/etc" ]; then
- # for "admin" level (FIXME)
+ cp -p /etc/sudoers /etc/sudoers.bak
+
+ # for "admin" level
sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then
echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers
fi
- # Allow operator to do a limited number of commands without password
- if ! grep -q '^%operator ALL=NOPASSWD:' /etc/sudoers; then
- cat <<"EOF" >>/etc/sudoers
-### BEGIN VYATTA OPERATOR COMMANDS
+ # cleanup any old entries
+ ed - /etc/sudoers <<EOF
+/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d
+g/sudo-users/d
+g/env_keep+=VYATTA/d
+wq
+EOF
+ # Add Vyatta entries
+ cat <<"EOF" >>/etc/sudoers
+### BEGIN VYATTA
+Defaults syslog_goodpri=info
+Defaults env_keep+=VYATTA_*
+
Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
/sbin/iptables -L -vn,\
/sbin/iptables -L * -vn,\
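Review bot: The cleanup at `ed - /etc/sudoers` does not remove a previously installed `### BEGIN VYATTA` … `### END VYATTA` block, yet the `cat <<"EOF" >>/etc/sudoers` that follows appends one unconditionally, so a second postinst run would leave leftovers of the old block (the `PCAPTURE` alias and the `%operator` rule appear to survive the range delete) next to the new one. Deleting the marked block before appending, e.g. `sed -i '/^### BEGIN VYATTA/,/^### END VYATTA/d' /etc/sudoers`, would keep the step idempotent. ed also tends to abort a non-interactive script at the first address that does not match, so on a system with no old `Cmnd_Alias IPTABLE` line the `g/.../d` and `wq` commands may never run; this is worth confirming. The file is edited in place with only `sudoers.bak` as a safety net, so running `visudo -c -f /etc/sudoers` after the last append (in the next hunk) and restoring the backup on failure would avoid leaving a sudoers file that sudo refuses to parse. The enclosing `if` and the here-document both continue past this hunk.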
@@ -46,26 +57,14 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p *
Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate
Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff
+Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump
%operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \
- PPPOE_CMDS, /usr/bin/tshark, /usr/sbin/wanpipemon
-### END VYATTA OPERATOR COMMANDS
+ PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon
+EOF
+ cat <<EOF >>/etc/sudoers
+%users ALL=NOPASSWD: ${bindir}/sudo-users/
+### END VYATTA
EOF
- fi
-
- # for "users" level (FIXME)
- if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then
- echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers
- fi
-
- # Reduce logging level of good commands
- if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then
- echo -e "\nDefaults syslog_goodpri=info" >>/etc/sudoers
- fi
-
- # keep env vars
- if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then
- echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers
- fi
fi
# update crontab for logrotate
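Review bot: `Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump` carries no argument list, so members of `%operator` can run both capture tools as root with any options and without a password. Both tools accept options that write output files as root, which makes an unrestricted entry far broader than "capture packets". Consider pinning the permitted arguments the way the `IPTABLES` alias does, or routing captures through a wrapper script that fixes the options. The second here-document, `cat <<EOF >>/etc/sudoers`, is unquoted so that `${bindir}` expands; a comment such as `# unquoted on purpose: expand ${bindir}` would keep it from being "corrected" later. The enclosing `if` opens in the previous hunk.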
diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm
index d668f55d..46ec1aaa 100644
--- a/debian/vyatta-cfg-system.postrm
+++ b/debian/vyatta-cfg-system.postrm
@@ -2,6 +2,9 @@
if [ "$1" = "purge" ]; then
rm -f /etc/udev/rules.d/*vyatta-net.rules
+
+ sed -i '/### BEGIN VYATTA/,/### END VYATTA/d' /etc/sudoers
+
fi
# Local Variables:
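Review bot: The purge step removes only the marked block, but the postinst in this commit enables `%sudo ALL=NOPASSWD: ALL` outside the `### BEGIN VYATTA` markers, so passwordless full sudo for the sudo group stays in /etc/sudoers after the package is purged. Either write that line inside the marked block or undo it here. The range delete also has no guard for a missing end marker: if `### END VYATTA` was edited away, sed deletes from the begin marker to the end of the file. Anchoring the patterns (`/^### BEGIN VYATTA/,/^### END VYATTA/d`) and running the sed only when `grep -q '^### END VYATTA' /etc/sudoers` succeeds would limit that.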