[sudo-users] Can I distribute the sudoers file as an rpm????

Bob Proulx bob at proulx.com
Wed Jul 20 01:07:26 EDT 2005


Wes Armour wrote:
> I would like to distribute our sudoers file using an rpm package.

> When I try to install the rpm I get:
> 
> file /etc/sudoers from install of diamond-sudoers-0.1-1 conflicts with
> file from package sudo-1.6.7p5-30.1.1

I believe Russell Van Tassell's response identified your problem.

> My spec file looks like:

But I had to comment upon your spec file.

> Summary: ...(lots of stuff...)

Did you have a BuildRoot specified?

> %description
> The sudoers file gives limited root access to pcs
> 
> %prep
> echo
> 
> %setup 
> echo
> 
> %build
> echo
> 
> %install

If those scripts are not used then don't include them in the spec file
at all.  Just remove them instead of creating noop scripts out of
them.

> %clean
> rm -rf $RPM_BUILD_ROOT          

I think you have a critical error possible here.  You omitted the
header so we can't tell if you specified a BuildRoot.  But from your
%files section I gather not.  In which case the rm -rf here could be a
bad thing if $RPM_BUILD_ROOT were to default to /.  Best to always
specify a BuildRoot.

> %files
> %config /etc/sudoers            

This looks like you are packaging your live file.  But you will be
installing your package on your system and overwriting your live file
too.  So your source file is going to be overwritten in a moment with
the new package file.  I think that is a bad relationship.  I would
always keep the source separate from the live copy.  If you used a
BuildRoot you could point into your source area.  But then don't
clean or it would remove your source.

Personally I use rsync to keep the sudoers files in sync on the
different machines.  I have a cron task that pulls the sudoers files
from a golden image server on a regular basis.  Changes are made to
the gold server.  The new file is propagated to the clients by the
cron task that runs rsync to get the new file.  Therefore I recommend
not packaging the configuration files but using a VCS to manage them.

RPM packages are good for program files but not so good for
managing configuration files.  For configuration files I find a
version control system to be much more practical.

In addition to rsync other utilities such as radmin and cfengine are
also well known alternatives for doing these types of tasks.

Bob
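
The pull model described above, as an added example that is not part of the original post: a script for a root cron job that fetches the file with rsync, rejects a broken copy, and renames a good one into place. The rsync source `gold.example.com::config/sudoers`, the variable and function names, and the use of `visudo -c -f` as the syntax check are assumptions, not Bob's setup.

```shell
#!/bin/sh
# Added example: pull sudoers from a gold server, validate it, install atomically.
# GOLD_SRC is a hypothetical rsync source; replace it with your own.
GOLD_SRC="${GOLD_SRC:-gold.example.com::config/sudoers}"
TARGET="${TARGET:-/etc/sudoers}"
# Syntax checker, run as: $CHECK FILE. visudo -c -f checks FILE without editing it.
CHECK="${CHECK:-visudo -c -f}"

# install_if_valid CANDIDATE TARGET
# Returns 0 if TARGET now matches CANDIDATE, 1 if CANDIDATE was rejected.
install_if_valid() {
    candidate=$1
    target=$2
    # A failed or truncated transfer must never replace a working file.
    [ -s "$candidate" ] || { echo "empty candidate, keeping $target" >&2; return 1; }
    if ! $CHECK "$candidate" >/dev/null 2>&1; then
        echo "syntax check failed, keeping $target" >&2
        return 1
    fi
    cmp -s "$candidate" "$target" && return 0    # unchanged, nothing to do
    chmod 0440 "$candidate" || return 1          # mode sudo expects for sudoers
    # rename(2) within one directory is atomic: sudo sees the old or the new
    # file, never a partial one.
    mv -f "$candidate" "$target"
}

# pull_sudoers: fetch into a temp file next to TARGET, then validate and install.
# Run as root from cron so the installed file is owned by root.
pull_sudoers() {
    tmp=$(mktemp "$(dirname "$TARGET")/.sudoers.XXXXXX") || return 1
    if rsync -q "$GOLD_SRC" "$tmp" && install_if_valid "$tmp" "$TARGET"; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only act when asked to, e.g. from cron: /usr/local/sbin/pull-sudoers --run
case "${1:-}" in
    --run) pull_sudoers ;;
esac
```

A non-zero exit from the cron job means the client kept its previous sudoers file, which is worth alerting on.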


