commit 3e34b4e3f9ac4b2489ccd7bba614b10db03b4290 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:17:51 2019 -0400 Package init
diff --git a/sudo b/sudo
new file mode 100644
index 0000000..284b050
--- /dev/null
+++ b/sudo
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session include system-auth
diff --git a/sudo-1.8.27.tar.gz b/sudo-1.8.27.tar.gz
new file mode 100644
index 0000000..4f95fcb
Binary files /dev/null and b/sudo-1.8.27.tar.gz differ
diff --git a/sudo-i b/sudo-i
new file mode 100644
index 0000000..3c63733
--- /dev/null
+++ b/sudo-i
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include sudo
+account include sudo
+password include sudo
+session optional pam_keyinit.so force revoke
+session include sudo
diff --git a/sudo.spec b/sudo.spec
new file mode 100644
index 0000000..7e08e87
--- /dev/null
+++ b/sudo.spec
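Review bot: The `force` flag on the pam_keyinit line of `sudo-i` is the only functional difference from the `sudo` service file, and the file gives no reason for it. Because `session include sudo` follows, the `pam_keyinit.so revoke` and `pam_limits.so` lines of the `sudo` file also run for this service, which is easy to miss when editing either file. A header comment such as `# used for "sudo -i" (login shell): always start a fresh session keyring, then reuse the sudo stack` would record the intent; the link to `sudo -i` is inferred from `--with-pam-login` in the spec, so confirm it before committing the wording.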
@@ -0,0 +1,148 @@
+Name: sudo
+Version: 1.8.27
+Release: 1
+Summary: Allows restricted root access for specified users
+License: ISC
+URL: http://www.courtesan.com/sudo/
+
+Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
+Source1: sudoers
+Source2: sudo
+Source3: sudo-i
+
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: pam
+Recommends: vim-minimal
+Requires(post): coreutils
+
+BuildRequires: pam-devel groff openldap-devel flex bison automake autoconf libtool
+BuildRequires: audit-libs-devel libcap-devel libselinux-devel sendmail gettext zlib-devel
+BuildRequires: chrpath git
+
+%description
+Sudo is a program designed to allow a sysadmin to give limited root privileges
+to users and log root activity. The basic philosophy is to give as few
+privileges as possible but still allow people to get their work done.
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains header files developing sudo
+plugins that use %{name}.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -S git
+
+%build
+autoreconf -I m4 -fv --install
+export CFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+%configure \
+ --prefix=%{_prefix} \
+ --sbindir=%{_sbindir} \
+ --libdir=%{_libdir} \
+ --docdir=%{_pkgdocdir} \
+ --disable-root-mailer \
+ --with-logging=syslog \
+ --with-logfac=authpriv \
+ --with-pam \
+ --with-pam-login \
+ --with-editor=/bin/vi \
+ --with-env-editor \
+ --with-ignore-dot \
+ --with-tty-tickets \
+ --with-ldap \
+ --with-selinux \
+ --with-passprompt="[sudo] password for %p: " \
+ --with-linux-audit \
+ --with-sssd
+
+%make_build
+
+%check
+make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+
+chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
+install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
+install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
+install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
+
+touch sudo.conf
+echo sudo > sudo.conf
+install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
+rm -f sudo.conf
+
+chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so
+
+rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
+rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
+
+%delete_la
+
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
+
+%chrpath_delete
+mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
+echo "/usr/libexec/sudo" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+
+%find_lang sudo
+%find_lang sudoers
+
+mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+install -p -c -m 0644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sudo
+install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
+
+%post
+/bin/chmod 0440 /etc/sudoers || :
+/sbin/ldconfig || :
+
+%postun -p /sbin/ldconfig
+
+%files -f sudo.lang -f sudoers.lang
+%attr(0440,root,root) %config(noreplace) /etc/sudoers
+%attr(0750,root,root) %dir /etc/sudoers.d/
+%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
+%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
+%attr(4111,root,root) %{_bindir}/sudo
+%attr(0111,root,root) %{_bindir}/sudoreplay
+%{_bindir}/sudoedit
+%{_bindir}/cvtsudoers
+%attr(0755,root,root) %{_sbindir}/visudo
+%attr(0755,root,root) %{_libexecdir}/sudo/sesh
+%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
+%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
+%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
+%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
+%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so*
+%dir /var/db/sudo
+%dir /var/db/sudo/lectured
+%dir %{_libexecdir}/sudo
+%config(noreplace) /etc/pam.d/sudo
+%config(noreplace) /etc/pam.d/sudo-i
+%config(noreplace) /etc/ld.so.conf.d/*
+%license doc/LICENSE
+
+%files devel
+%{_includedir}/sudo_plugin.h
+
+%files help
+%dir %{_pkgdocdir}/
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+%{_mandir}/man1/*
+%{_pkgdocdir}/*
+%doc plugins/sample/sample_plugin.c
+%exclude %{_pkgdocdir}/ChangeLog
+
+%changelog
+* Tue Aug 27 2019 openEuler Buildteam - 1.8.27-1
+- Package init
diff --git a/sudoers b/sudoers
new file mode 100644
index 0000000..17afb17
--- /dev/null
+++ b/sudoers
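Review bot: Nothing in sudo.spec checks the bundled `sudo-1.8.27.tar.gz` against what upstream published: `Source0` names the download URL, but `%prep` goes straight to `%autosetup` and the tarball enters the repository as an opaque binary. For a package that ships a setuid-root binary (`%attr(4111,root,root) %{_bindir}/sudo`) I would add upstream's detached signature and signing key as further `Source` entries and verify them at the top of `%prep`, or at least record the expected SHA-256 next to the spec and compare it there. Which verification macro to use depends on what this distribution's rpm macros provide, so treat that part as a sketch. Separately, `URL:` points at a plain-http address while `Source0` already uses https on www.sudo.ws; using the https site for both removes the mismatch.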
@@ -0,0 +1,96 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+##
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhaps using
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias FILESERVERS = fs1, fs2
+# Host_Alias MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+# Cmnd_Alias LOCATE = /usr/bin/updatedb
+
+## Storage
+# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
+
+## Processes
+# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+# Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Refuse to run if unable to disable echo on the tty.
+#
+Defaults !visiblepw
+
+Defaults env_reset
+Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+
+Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+## Next comes the main part: which users can run what software on
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## user MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere
+root ALL=(ALL) ALL
+
+## Allows members of the 'sys' group to run networking, software,
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+%wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the
+## cdrom as root
+# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users localhost=/sbin/shutdown -h now
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d
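Review bot: The commented `%sys` example and the Cmnd_Alias groups it references read as scoped delegation, but several are root-equivalent: DELEGATING contains `/usr/sbin/visudo`, `/bin/chown` and `/bin/chmod`, and SOFTWARE contains `/bin/rpm`, each of which lets the holder change arbitrary files or the policy itself. An administrator who uncomments the line as shipped grants full root while believing the grant is limited. I would add a warning above the example, e.g. `## NOTE: DELEGATING, SOFTWARE and STORAGE are effectively equivalent to ALL; grant them only to users you would trust with a root shell.` The active `%wheel ALL=(ALL) ALL` rule likewise makes wheel membership equivalent to root, and a one-line comment saying so would help whoever manages that group.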