[sudo-users] Can I distribute the sudoers file as an rpm????

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevron.com
Thu Jul 21 11:43:37 EDT 2005

Get the original Sudo pakage (and spec), build it minus the config file
and separate the config file into another RPM. 

IMO, however, this is off topic for the sudo-users mailing list and
would be better at home in a Red Hat RPM builder or developers list.

Eric Ladner, Systems Analyst 
RFMS IT Support

-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Wes Armour
Sent: Wednesday, July 20, 2005 04:35
To: sudo-users at sudo.ws
Subject: Re: [sudo-users] Can I distribute the sudoers file as an

Thanks Russell & Bob your advice is appreciated.

My full rpm spec is:


Summary: Sudoers file for linux
%define version 0.1
Copyright: GPL
Group: Applications
Name: sudoers
Provides: sudoers
Release: 1
Source: sudoers-%{version}.tar.gz
Version: %{version}
#Buildroot: /tmp/sudoers-%{version}

The sudoers file gives limited root access to pcs





rm -rf $RPM_BUILD_ROOT          

%config /etc/sudoers  


The reason I would like to package the sudoers file as an rpm is because
I have a red hat satellite server and so it would make things very easy
if I could upload an rpm with the latest sudoers file in it and then all
machines would update automatically.



On Tue, 2005-07-19 at 23:07 -0600, Bob Proulx wrote:
> Wes Armour wrote:
> > I would like to distribute our sudoers file using an rpm package.
> > When I try to install the rpm I get:
> > 
> > file /etc/sudoers from install of diamond-sudoers-0.1-1 conflicts 
> > with file from package sudo-1.6.7p5-30.1.1
> I believe Russell Van Tassell's response identified your problem.
> > My spec file looks like:
> But I had to comment upon your spec file.
> > Summary: ...(lots of stuff...)
> Did you have a BuildRoot specified?
> > %description
> > The sudoers file gives limited root access to pcs
> > 
> > %prep
> > echo
> > 
> > %setup
> > echo
> > 
> > %build
> > echo
> > 
> > %install
> If those scripts are not used then don't include them in the spec file

> at all.  Just remove them instead of creating noop scripts out of 
> them.
> > %clean
> > rm -rf $RPM_BUILD_ROOT          
> I think you have a critical error possible here.  You omitted the 
> header so we can't tell if you specified a BuildRoot.  But from your 
> %files section I gather not.  In which case the rm -rf here could be a

> bad thing if $RPM_BUILD_ROOT were to default to /.  Best to always 
> specify a BuildRoot.
> > %files
> > %config /etc/sudoers            
> This looks like you are packaging your live file.  But you will be 
> installing your package on your system and overwriting your live file 
> too.  So your source file is going to be overwritten in a moment with 
> the new package file.  I think that is a bad relationship.  I would 
> alway keep the source separate from the live copy.  If you used a 
> BuildRoot you could point into your source area.  But then don't clean

> or it would remove your source.
> Personally I use rsync to keep the sudoers files in sync on the 
> different machines.  I have a cron task that pulls the sudoers files 
> from a golden image server on a regular basis.  Changes are made to 
> the gold server.  The new file is propagated to the clients by the 
> crontask that runs rsync to get the new file.  Therefore I recommend 
> not packaging the configuration files but using a VCS to manage them.
> RPM packages are good for program files but not so good for managing 
> configuration files.  For configuration files I find an version 
> control system to be much more practical.
> In addition to rsync other utilities such as radmin and cfengine are 
> also well known alternatives for doing these types of tasks.
> Bob
sudo-users mailing list <sudo-users at sudo.ws> For list information,
options, or to unsubscribe, visit:

More information about the sudo-users mailing list