[sudo-users] Can I distribute the sudoers file as an rpm????

Wes Armour wes.armour at diamond.ac.uk
Wed Jul 20 05:35:25 EDT 2005

Thanks Russell & Bob, your advice is appreciated.

My full rpm spec is:


Summary: Sudoers file for linux
%define version 0.1
Copyright: GPL
Group: Applications
Name: sudoers
Provides: sudoers
Release: 1
Source: sudoers-%{version}.tar.gz
Version: %{version}
#Buildroot: /tmp/sudoers-%{version}

%description
The sudoers file gives limited root access to pcs

%clean
rm -rf $RPM_BUILD_ROOT

%files
%config /etc/sudoers


The reason I would like to package the sudoers file as an rpm is because
I have a red hat satellite server and so it would make things very easy
if I could upload an rpm with the latest sudoers file in it and then all
machines would update automatically.



On Tue, 2005-07-19 at 23:07 -0600, Bob Proulx wrote:
> Wes Armour wrote:
> > I would like to distribute our sudoers file using an rpm package.
> > When I try to install the rpm I get:
> > 
> > file /etc/sudoers from install of diamond-sudoers-0.1-1 conflicts with
> > file from package sudo-1.6.7p5-30.1.1
> I believe Russell Van Tassell's response identified your problem.
> > My spec file looks like:
> But I had to comment upon your spec file.
> > Summary: ...(lots of stuff...)
> Did you have a BuildRoot specified?
> > %description
> > The sudoers file gives limited root access to pcs
> > 
> > %prep
> > echo
> > 
> > %setup 
> > echo
> > 
> > %build
> > echo
> > 
> > %install
> If those scripts are not used then don't include them in the spec file
> at all.  Just remove them instead of creating noop scripts out of
> them.
> > %clean
> > rm -rf $RPM_BUILD_ROOT          
> I think you have a critical error possible here.  You omitted the
> header so we can't tell if you specified a BuildRoot.  But from your
> %files section I gather not.  In which case the rm -rf here could be a
> bad thing if $RPM_BUILD_ROOT were to default to /.  Best to always
> specify a BuildRoot.
> > %files
> > %config /etc/sudoers            
> This looks like you are packaging your live file.  But you will be
> installing your package on your system and overwriting your live file
> too.  So your source file is going to be overwritten in a moment with
> the new package file.  I think that is a bad relationship.  I would
> always keep the source separate from the live copy.  If you used a
> BuildRoot you could point into your source area.  But then don't
> clean or it would remove your source.
> Personally I use rsync to keep the sudoers files in sync on the
> different machines.  I have a cron task that pulls the sudoers files
> from a golden image server on a regular basis.  Changes are made to
> the gold server.  The new file is propagated to the clients by the
> cron task that runs rsync to get the new file.  Therefore I recommend
> not packaging the configuration files but using a VCS to manage them.
> RPM packages are good for program files but not so good for
> managing configuration files.  For configuration files I find a
> version control system to be much more practical.
> In addition to rsync other utilities such as radmin and cfengine are
> also well known alternatives for doing these types of tasks.
> Bob
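
Whichever channel delivers the file (an rpm pushed from the satellite server or the rsync cron pull described in the quoted reply), the client should syntax-check the new copy before it replaces the live /etc/sudoers. The sketch below is an added example, not code from this thread: the function name install_sudoers and its arguments are hypothetical, and the default validator assumes sudo's visudo (check-only mode, -c -f) is installed on the client.

```shell
#!/bin/sh
# Added example, not from the thread. install_sudoers and its arguments are
# hypothetical names; the default validator assumes sudo's visudo is installed.

install_sudoers() {
    candidate=$1                      # copy pulled from the gold server
    target=$2                         # live file, normally /etc/sudoers
    validator=${3:-"visudo -c -f"}    # check-only parse of the given file

    if [ ! -s "$candidate" ]; then
        echo "candidate missing or empty: $candidate" >&2
        return 2
    fi

    # Stage next to the target so the final mv is a rename on one filesystem.
    staged=$(mktemp "$(dirname "$target")/.sudoers.XXXXXX") || return 3
    if ! cp "$candidate" "$staged" || ! chmod 0440 "$staged"; then
        rm -f "$staged"
        return 3
    fi
    # sudo expects the file to be owned by uid 0; only root can set that.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$staged"
    fi

    # Reject a file that does not parse: the live copy stays as it was.
    if ! $validator "$staged" >/dev/null 2>&1; then
        rm -f "$staged"
        echo "validation failed, $target left untouched" >&2
        return 1
    fi

    # Nothing to do when the content is already live.
    if [ -f "$target" ] && cmp -s "$staged" "$target"; then
        rm -f "$staged"
        return 0
    fi
    mv -f "$staged" "$target"
}
```

A cron job would call the function right after the rsync pull, and an rpm could call it from a post-install scriptlet with the packaged copy shipped under a separate path, which also avoids the file conflict with the sudo package.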
