summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@vyatta.com>2011-11-29 10:44:02 -0800
committerStephen Hemminger <shemminger@vyatta.com>2011-11-29 10:44:02 -0800
commit0cabfe433b27c1ce48ececa92e6556ceabd10c3e (patch)
tree24af1fcd752e420b276caa4e6b64cc67702758c1
parent3cda57eb4059089eaf3d8902d8d336ad747092ea (diff)
downloadvyatta-cfg-system-0cabfe433b27c1ce48ececa92e6556ceabd10c3e.tar.gz
vyatta-cfg-system-0cabfe433b27c1ce48ececa92e6556ceabd10c3e.zip
change mode of /etc/sudoers.d/vyatta
Needs to be read only
-rw-r--r--debian/vyatta-cfg-system.postinst.in7
1 files changed, 4 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index ee71c2f5..6ce0a870 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -62,18 +62,19 @@ if [ "$sysconfdir" != "/etc" ]; then
sed -i '/^UseDNS/d' /etc/ssh/sshd_config
echo 'UseDNS yes' >>/etc/ssh/sshd_config
- # cleanup any old entries from previous versions
+ # cleanup any old entries in /etc/sudoers from previous versions
sed -i /etc/sudoers \
-e '/### BEGIN VYATTA/,/### END VYATTA/d' \
-e '/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d' \
-e '/sudo-users/d' \
-e '/env_keep+=VYATTA/d' || true
- # Turn off Debian default for %sudo (replaced by value in /etc/sudoers.d/vyatta)
+ # Turn off Debian default for %sudo
sed -i -e '/^%sudo/d' /etc/sudoers || true
- # Add Vyatta entries
+ # Add Vyatta entries for sudoers
cp $sysconfdir/sudoers /etc/sudoers.d/vyatta
+ chmod 0440 /etc/sudoers.d/vyatta
# set up blacklists
for f in blacklist.DSA-1024 blacklist.RSA-2048; do