From 28b7618bf24ea745d5d7e5a287de1aa728111d08 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 4 Jul 2008 13:06:19 -0700 Subject: Modify upgrade procedure for /etc/sudoers 0) make backup of file 1) remove old glendale entries 2) put all vyatta entries in one block 3) remove vyatta entries on package removal --- debian/vyatta-cfg-system.postinst.in | 45 ++++++++++++++++++------------------ debian/vyatta-cfg-system.postrm | 3 +++ 2 files changed, 25 insertions(+), 23 deletions(-) (limited to 'debian') diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index d6497529..735b28e7 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -23,16 +23,27 @@ esac ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules if [ "$sysconfdir" != "/etc" ]; then - # for "admin" level (FIXME) + cp -p /etc/sudoers /etc/sudoers.bak + + # for "admin" level sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers fi - # Allow operator to do a limited number of commands without password - if ! grep -q '^%operator ALL=NOPASSWD:' /etc/sudoers; then - cat <<"EOF" >>/etc/sudoers -### BEGIN VYATTA OPERATOR COMMANDS + # cleanup any old entries + ed - /etc/sudoers <>/etc/sudoers +### BEGIN VYATTA +Defaults syslog_goodpri=info +Defaults env_keep+=VYATTA_* + Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ /sbin/iptables -L -vn,\ /sbin/iptables -L * -vn,\ 
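Review bot: Nothing after the in-place edits of `/etc/sudoers` in this hunk (the `sed -i`, the `ed` cleanup and the `cat ... >>/etc/sudoers` append) checks that the file still parses, and a sudoers syntax error disables sudo for every user. The `if ! grep -q` guards are removed, so the block is appended on every run and a duplicate-free file depends on the `ed` cleanup succeeding; its script is not readable on this page, so whether its exit status is checked cannot be confirmed. The new backup is also overwritten on each upgrade, so from the second run onward it holds an already modified file. I would finish the sudoers section, which ends outside this hunk, with `visudo -c -f /etc/sudoers || cp -p /etc/sudoers.bak /etc/sudoers`.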
@@ -46,26 +57,14 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff +Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump %operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ - PPPOE_CMDS, /usr/bin/tshark, /usr/sbin/wanpipemon -### END VYATTA OPERATOR COMMANDS + PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon +EOF + cat <>/etc/sudoers +%users ALL=NOPASSWD: ${bindir}/sudo-users/ +### END VYATTA EOF - fi - - # for "users" level (FIXME) - if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then - echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers - fi - - # Reduce logging level of good commands - if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then - echo -e "\nDefaults syslog_goodpri=info" >>/etc/sudoers - fi - - # keep env vars - if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then - echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers - fi fi # update crontab for logrotate diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm index d668f55d..46ec1aaa 100644 --- a/debian/vyatta-cfg-system.postrm +++ b/debian/vyatta-cfg-system.postrm @@ -2,6 +2,9 @@ if [ "$1" = "purge" ]; then rm -f /etc/udev/rules.d/*vyatta-net.rules + + sed -i '/### BEGIN VYATTA/,/### END VYATTA/d' /etc/sudoers + fi # Local Variables: -- cgit v1.2.3
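Review bot: The new `PCAPTURE` alias grants `/usr/bin/tcpdump` and `/usr/bin/tshark` to `%operator` with NOPASSWD and no argument restriction, which hands out more than packet capture. Both tools accept options that write files at a caller-chosen path or pass capture files to another program, and under this rule all of that runs as root. Listing the permitted argument forms, as the `IPTABLES` alias does, or pointing the alias at a root-owned wrapper that fixes the options would keep the operator level limited. At minimum the block should carry a comment such as `# PCAPTURE runs as root with arbitrary options - restrict arguments`. The heredoc this alias sits in starts in the previous hunk.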
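Review bot: The purge step in postrm removes only the marker block, but the `%sudo ALL=NOPASSWD: ALL` line that postinst uncomments or appends sits outside `### BEGIN VYATTA`/`### END VYATTA`, so passwordless root for the sudo group survives a purge, as does `/etc/sudoers.bak`. The range patterns are also unanchored, and if the END marker is missing sed deletes from the BEGIN line to the end of the file. Anchoring them, `sed -i '/^### BEGIN VYATTA/,/^### END VYATTA/d' /etc/sudoers`, and running the delete only when both markers are present would make the removal safer. If the `%sudo` grant is meant to be package-owned, it could be written inside the block so that it is removed with it.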