How do I add to sudoers.d from a custom rpm

1

I have a custom RPM I created that needs to add entries to sudoers, so I have added a file in my RPM, /etc/sudoers.d/mypackage, and put my sudo commands in there.

The file gets added and the RPM is generated. Unfortunately, when I try to install the package, it complains:

file /etc/sudoers.d from install of mypackage-1.0.0-1.x86_64 conflicts with file from sudo-1.8.6p7016.el7.x86_64

The rpm will install fine if I install it with --force such as:

rpm -Uvh --force mypackage.rpm

I probably could echo the contents of the sudoers file into /etc/sudoers.d but I would prefer the sudoers file be tracked with the rpm.

How do I add entries to sudoers from a custom RPM without sudo complaining?

EDIT: To clarify my post a bit, I have a dozen directories filled with files:

/etc/sudoers.d
/etc/httpd/conf.d/
/etc/systemd/system
/etc/cron.d
...

Because I don't have the list of directories beforehand and this list may change, what I tried to do is:

%files
/etc/*
%exclude /etc/sudoers.d
/etc/sudoers.d/*

but at that point, files in sudoers.d don't get included. If I wanted to mention directories one by one, I would have to dynamically generate that list of directories.

As was suggested, I tried to do rpm -qf /etc/sudoers.d and it does say sudo-1.8.5.el7_2.x86_64. If I do rpm -qf /etc/systemd/system, it does say systemd-219-19.el7_2.x86_64, but rpm does not complain when I try to install the rpm.

Youn Elan

Posted 2016-06-25T21:09:31.943

Reputation: 123

Answers

2

This is probably because in the %files section you have something like this:

%files
/etc/sudoers.d/

This makes your package include not only the files in /etc/sudoers.d, but also the directory itself. You can check this using rpm -qlp <generated-rpm>.

rpm does not allow different packages to provide the same file or directory. The solution is to only package the files inside this directory:

%files
/etc/sudoers.d/*

Chris Maes

Posted 2016-06-25T21:09:31.943

Reputation: 371

I actually had /etc/* and I voted you up because if I do that my problem does disappear. However, my problem is I potentially have a varying number of directories in /etc and that is why I did /etc/*. I tried to add an exclude /etc/sudoers.d then add a directive /etc/sudoers.d/* but the files in there ended up not included. Is there a way to include all etc subdirectories without listing them one by one and still work? – Youn Elan – 2016-06-27T13:17:23.167

The interesting part is it only does that with /etc/sudoers.d. It does not do that with /etc/httpd/conf.d, /etc/profile.d, /etc/systemd/system, etc. – Youn Elan – 2016-06-27T13:18:53.503

Why do you do an "exclude"? You can just specify manually each of your files (/etc/sudoers.d/file1 etc.), or use the line I proposed: /etc/sudoers.d/*. You can check afterwards what exactly got included in your rpm using rpm -qlp. – Chris Maes – 2016-06-27T14:03:39.143

It is logical that it doesn't do that with /etc/httpd/conf.d/ etc; that is because nobody seems to provide those directories. You can check who owns a certain file or directory using rpm -qf /path/to/dir/or/file – Chris Maes – 2016-06-27T14:04:48.087

I edited the post to clarify: yes, it is owned by sudo but the same thing applies with /etc/systemd/system (provided by systemd) and /etc/httpd/conf.d (provided by httpd) but no warning happens there – Youn Elan – 2016-06-27T15:03:24.420

I ended up writing a script that generates the list of folders. Not exactly what I was hoping for but I guess it works. Thanks for the help – Youn Elan – 2016-06-27T22:33:53.203

Ok that works, but it is simpler if you remove '/etc/*' and add a list of all files your rpm provides. That's the way to go... – Chris Maes – 2016-06-28T06:27:59.487
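
Added example, not part of the thread or of either poster's code: a shell function that builds the file list discussed above from a staging tree, emitting files and symlinks only so the package never claims /etc/sudoers.d itself. The names gen_files_list, make_sample_buildroot and files.list are hypothetical, the sample tree is constructed, and the 0440 root-owned mode on sudoers drop-ins is an addition that follows sudo's usual convention.

```shell
#!/bin/sh
# Added example, not code from the thread.
# gen_files_list BUILDROOT: print %files entries for everything under
# BUILDROOT/etc, listing files and symlinks only. Directories are never
# emitted, so the package does not claim /etc/sudoers.d (owned by sudo).
# Assumption: file names contain no whitespace or newlines.
gen_files_list() (
    buildroot=${1%/}
    [ -d "$buildroot/etc" ] || { echo "no etc/ under $buildroot" >&2; exit 1; }
    find "$buildroot/etc" \( -type f -o -type l \) -print | LC_ALL=C sort |
    while IFS= read -r path; do
        path=${path#"$buildroot"}      # strip staging prefix -> installed path
        case $path in
        /etc/sudoers.d/*)
            # sudo skips drop-ins whose name contains '.' or ends in '~'
            case ${path##*/} in
            *.*|*~) echo "warning: sudo will ignore $path" >&2 ;;
            esac
            # conventional sudoers permissions: root-owned, mode 0440
            printf '%%attr(0440,root,root) %s\n' "$path" ;;
        *)
            printf '%s\n' "$path" ;;
        esac
    done
)

# Constructed sample staging tree mirroring the directories in the question.
make_sample_buildroot() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/etc/sudoers.d" "$root/etc/httpd/conf.d" "$root/etc/cron.d"
    : > "$root/etc/sudoers.d/mypackage"
    : > "$root/etc/httpd/conf.d/mypackage.conf"
    : > "$root/etc/cron.d/mypackage"
    printf '%s\n' "$root"
)

sample=$(make_sample_buildroot)
gen_files_list "$sample" > "$sample/files.list"   # usable as: %files -f files.list
cat "$sample/files.list"
rm -rf "$sample"
```

The generated list can be passed to the spec with %files -f, and rpm -qlp on the built package should then show no bare /etc/sudoers.d entry.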