Name: sudo Version: 1.8.17p1 Release: %mkrel 1 Epoch: 1 Summary: Allows command execution as root for specified users License: GPLv2+ Group: System/Base URL: http://www.sudo.ws/sudo Source0: http://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz Source1: http://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz.sig Source2: sudo.pamd Source3: sudo-1.7.2p2-sudoers Patch1: sudo-1.6.7p5-strip.patch Patch2: sudo-1.7.2p1-envdebug.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: groff-for-man BuildRequires: libcap-devel BuildRequires: openldap-devel BuildRequires: pam-devel Requires(pre): openldap %description Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. %package devel Summary: Development files for sudo plugins Group: Development/C Requires: %{name} = %{epoch}:%{version}-%{release} %description devel Development files for compiling sudo plugins. %prep %setup -q -n %{name}-%{version}%{?pre} %patch1 -p1 -b .strip %patch2 -p1 -b .envdebug # fix attribs find -name "Makefile.*" | xargs perl -pi -e "s|-m 0444|-m 0644|g" %build # handle newer autoconf rm -f acsite.m4 mv aclocal.m4 acinclude.m4 autoreconf -fv --install %serverbuild export CFLAGS="%{optflags} -D_GNU_SOURCE" %configure2_5x \ --without-rpath \ --with-logging=both \ --with-logfac=authpriv \ --with-logpath=%{_logdir}/sudo.log \ --with-editor=/bin/vi \ --enable-log-host \ --with-pam \ --with-pam-login \ --with-env-editor \ --with-noexec=no \ --with-linux-audit \ --with-ignore-dot \ --with-tty-tickets \ --with-ldap \ --with-ldap-conf-file=%{_sysconfdir}/nslcd.conf \ --with-ldap-secret-file=%{_sysconfdir}/nslcd.conf \ --with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \ --with-passprompt="[sudo] password for %p: " \ --with-plugindir=%{_libdir}/sudo %make %install install -d %{buildroot}/usr install -d %{buildroot}%{_sysconfdir}/logrotate.d install -d %{buildroot}%{_sysconfdir}/sudoers.d install -d %{buildroot}%{_sysconfdir}/pam.d install -d %{buildroot}%{_var}/db/sudo install -d %{buildroot}%{_var}/db/sudo/lectured install -d %{buildroot}%{_logdir}/sudo install -d %{buildroot}%{_logdir}/sudo-io %makeinstall_std install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers install -m0755 plugins/sudoers/sudoers2ldif %{buildroot}%{_bindir} # Installing logrotated file cat <%{buildroot}%{_sysconfdir}/logrotate.d/sudo %{_logdir}/sudo.log { missingok monthly compress } END cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session optional pam_keyinit.so revoke session required pam_limits.so EOF cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF #%PAM-1.0 auth include sudo account include sudo password include sudo session optional pam_keyinit.so force revoke session required pam_limits.so EOF # so that strip can touch it... chmod 755 %{buildroot}%{_bindir}/* chmod 755 %{buildroot}%{_sbindir}/* # (tpg) create the missing log file touch %{buildroot}%{_logdir}/sudo.log # move the lib to a common place mv %{buildroot}%{_libexecdir}/sudo/* %{buildroot}%{_libdir}/ rm -rf %{buildroot}%{_libexecdir}/sudo # cleanup rm -rf %{buildroot}%{_datadir}/examples samples cp -rp examples samples rm -f samples/Makefile* # already install in _bindir rm -f %{buildroot}%{_docdir}/%{name}/sudoers2ldif # too big rm -f %{buildroot}%{_docdir}/%{name}/ChangeLog find %{buildroot} -type f -name "*.la" | xargs rm %find_lang sudo %find_lang sudoers cat sudo.lang sudoers.lang > sudo_all.lang rm sudo.lang sudoers.lang %check make check %post /bin/chmod 0440 %{_sysconfdir}/sudoers || : %create_ghostfile %{_logdir}/sudo.log root root 600 %files -f sudo_all.lang %doc samples %{_docdir}/%{name}/CONTRIBUTORS %{_docdir}/%{name}/LICENSE %{_docdir}/%{name}/NEWS %{_docdir}/%{name}/HISTORY %{_docdir}/%{name}/README %{_docdir}/%{name}/README.LDAP %{_docdir}/%{name}/TROUBLESHOOTING %{_docdir}/%{name}/UPGRADE %{_docdir}/%{name}/schema.ActiveDirectory %{_docdir}/%{name}/schema.OpenLDAP %{_docdir}/%{name}/schema.iPlanet %{_docdir}/%{name}/examples/*.conf %{_docdir}/%{name}/examples/sudoers %attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers %attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/ %config(noreplace) %{_sysconfdir}/logrotate.d/sudo %config(noreplace) %{_sysconfdir}/pam.d/sudo %config(noreplace) %{_sysconfdir}/pam.d/sudo-i %attr(0755,root,root) %{_bindir}/sudoers2ldif %attr(4111,root,root) %{_bindir}/sudo %{_bindir}/sudoedit %attr(0111,root,root) %{_bindir}/sudoreplay %attr(0755,root,root) %{_sbindir}/visudo %ghost %{_logdir}/sudo.log %{_mandir}/*/* %attr(0700,root,root) %dir %{_var}/db/sudo %attr(0700,root,root) %dir %{_var}/db/sudo/lectured %attr(0750,root,root) %dir %{_logdir}/sudo-io %attr(0755,root,root) %{_libdir}/sudo/group_file.so %attr(0755,root,root) %{_libdir}/sudo/sudoers.so %attr(0755,root,root) %{_libdir}/sudo/system_group.so %{_libdir}/libsudo_util.so.0 %attr(0755,root,root) %{_libdir}/libsudo_util.so.*.* %{_tmpfilesdir}/sudo.conf %files devel %doc plugins/{group_file,sample} %{_includedir}/sudo_plugin.h %{_mandir}/man8/sudo_plugin.8* %{_libdir}/libsudo_util.so