[Buildroot] [PATCH] package/sudo: new config to add sudo group and rule
Yann E. MORIN
yann.morin.1998 at free.fr
Tue Nov 5 18:51:14 UTC 2019
Stephan, All,
On 2019-11-03 22:41 +0100, Stephan Henningsen spake thusly:
> From: Stephan Henningsen <stephan+buildroot at asklandd.dk>
>
> Signed-off-by: Stephan Henningsen <stephan+buildroot at asklandd.dk>
> ---
> package/sudo/Config.in | 15 +++++++++++++++
> package/sudo/sudo.mk | 13 +++++++++++++
> 2 files changed, 28 insertions(+)
>
> diff --git a/package/sudo/Config.in b/package/sudo/Config.in
> index cbef15d67b..403d634ceb 100644
> --- a/package/sudo/Config.in
> +++ b/package/sudo/Config.in
> @@ -9,3 +9,18 @@ config BR2_PACKAGE_SUDO
> but still allow people to get their work done.
>
> http://www.sudo.ws/sudo/
> +
> +
> +if BR2_PACKAGE_SUDO
> +
> +config BR2_PACKAGE_SUDO_GROUP_AND_RULE
> + bool "add group 'sudo' and enable associated sudo rule"
> + select BR2_PACKAGE_SUDO_GROUP
> + help
> + Creates a group named 'sudo', and enables the following rule
> + in the /etc/sudoers configuration file that allows members of
> + group 'sudo' to execute any command as root:
> +
> + %sudo ALL=(ALL) ALL
I thought the conclusion from the previous iteration was that the
addition of the group and sudo rules were to be non-optional.
> +endif
> diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
> index cf8b63b1db..5df39b193e 100644
> --- a/package/sudo/sudo.mk
> +++ b/package/sudo/sudo.mk
> @@ -64,4 +64,17 @@ define SUDO_PERMISSIONS
> /usr/bin/sudo f 4755 0 0 - - - - -
> endef
>
> +ifeq ($(BR2_PACKAGE_SUDO_GROUP_AND_RULE),y)
> +define SUDO_USERS
> + - -1 sudo -1 - - - -
When the username is '-', even the uid is ignored, we usually make it
'-' too. Also, there are too many spaces (see PERMISSIONS above).
So, I removed the condition (and thus the Config.in option), tweaked the
USERS variable, and pushed to master now.
Thanks!
Regards,
Yann E. MORIN.
> +endef
> +
> +define SUDO_ENABLE_SUDO_GROUP_RULE
> + $(SED) '/^# \%sudo\tALL=(ALL) ALL/s/^# //' $(TARGET_DIR)/etc/sudoers
> +endef
> +
> +SUDO_POST_INSTALL_TARGET_HOOKS += SUDO_ENABLE_SUDO_GROUP_RULE
> +
> +endif
> +
> $(eval $(autotools-package))
> --
> 2.17.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list