authorStephen Hemminger <stephen.hemminger@vyatta.com>2008-07-04 13:06:19 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2008-07-04 13:21:17 -0700
commit471387b1db7f6e9952ae0d709840560cb0d0bc6d (patch)
treed56beadd76a99fa795c8ccb939393c9115c3419d /debian/vyatta-cfg-system.postinst.in
parent1fb175a266e45828a5588e2f44660c2a70057bf0 (diff)
Modify upgrade procedure for /etc/sudoers
Bugfix 3429 0) make backup of file 1) remove old glendale entries 2) put all vyatta entries in one block 3) remove vyatta entries on package removal
Diffstat (limited to 'debian/vyatta-cfg-system.postinst.in')
-rw-r--r--debian/vyatta-cfg-system.postinst.in45
1 files changed, 22 insertions, 23 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index d6497529..735b28e7 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -23,16 +23,27 @@ esac
ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules
if [ "$sysconfdir" != "/etc" ]; then
- # for "admin" level (FIXME)
+ cp -p /etc/sudoers /etc/sudoers.bak
+
+ # for "admin" level
sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then
echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers
fi
- # Allow operator to do a limited number of commands without password
- if ! grep -q '^%operator ALL=NOPASSWD:' /etc/sudoers; then
- cat <<"EOF" >>/etc/sudoers
-### BEGIN VYATTA OPERATOR COMMANDS
+ # cleanup any old entries
+ ed - /etc/sudoers <<EOF
+/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d
+g/sudo-users/d
+g/env_keep+=VYATTA/d
+wq
+EOF
+ # Add Vyatta entries
+ cat <<"EOF" >>/etc/sudoers
+### BEGIN VYATTA
+Defaults syslog_goodpri=info
+Defaults env_keep+=VYATTA_*
+
Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
/sbin/iptables -L -vn,\
/sbin/iptables -L * -vn,\
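Review bot: Nothing checks that `/etc/sudoers` still parses after the `sed -i`, `ed` and `cat >>` edits, and the `/etc/sudoers.bak` copy is overwritten on every run and never restored, so a malformed result leaves sudo unusable with no automatic rollback. The append is now unconditional, while the `ed` range `/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d` looks like it stops at the `Cmnd_Alias PPPOE_CMDS` line, so a second run would probably leave the previous `PCAPTURE` alias, `%operator` rule and `### BEGIN VYATTA`/`### END VYATTA` markers in place and define `PCAPTURE` twice. I would delete an earlier block by its markers, build the result in a temporary copy and install it only after `visudo -c -f` accepts it. The heredoc opened at the end of this hunk and the enclosing `if` both close in the next hunk.

```shell
# work on a copy so /etc/sudoers is only replaced by a file that parses
tmp=$(mktemp /etc/sudoers.XXXXXX)
cp -p /etc/sudoers "$tmp"
# drop a block left behind by an earlier run of this script
sed -i '/^### BEGIN VYATTA$/,/^### END VYATTA$/d' "$tmp"
# … unchanged: %sudo sed/grep, old-entry ed cleanup and heredoc appends, retargeted at "$tmp" …
if visudo -c -f "$tmp" >/dev/null; then
    mv "$tmp" /etc/sudoers
else
    rm -f "$tmp"
    echo "sudoers update failed validation; /etc/sudoers left unchanged" >&2
fi
```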
@@ -46,26 +57,14 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p *
Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate
Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff
+Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump
%operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \
- PPPOE_CMDS, /usr/bin/tshark, /usr/sbin/wanpipemon
-### END VYATTA OPERATOR COMMANDS
+ PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon
+EOF
+ cat <<EOF >>/etc/sudoers
+%users ALL=NOPASSWD: ${bindir}/sudo-users/
+### END VYATTA
EOF
- fi
-
- # for "users" level (FIXME)
- if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then
- echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers
- fi
-
- # Reduce logging level of good commands
- if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then
- echo -e "\nDefaults syslog_goodpri=info" >>/etc/sudoers
- fi
-
- # keep env vars
- if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then
- echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers
- fi
fi
# update crontab for logrotate
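Review bot: The new `Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump` carries no argument list, so `%operator` may run both capture tools as root without a password and with any options, including ones that write output files as root. If operators only need to view traffic, the alias should enumerate the permitted command lines the way `IPTABLES` and `ETHTOOLP` do, or point at a wrapper script that fixes the options. The `%users ALL=NOPASSWD: ${bindir}/sudo-users/` rule trusts every executable in that directory, so I would add a comment above it such as `# sudo-users/ and its contents must be root-owned and not writable by group or others`.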