saving uncommitted changes in /etc prior to emerge run

diff --git a/.etckeeper b/.etckeeper
index 0e726f10ba6839a603d6fd01fa540d8d7d340523..bbb96ea045006034537f573e95f3bc16f7b335f3 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -1991,6 +1991,7 @@ maybe chmod 0644 'openldap/schema/ppolicy.schema.default'
 maybe chmod 0644 'openldap/schema/quota.schema'
 maybe chmod 0644 'openldap/schema/rfc2307bis.schema'
 maybe chmod 0644 'openldap/schema/samba.schema'
+maybe chmod 0644 'openldap/schema/sudo.schema'
 maybe chgrp 'ldap' 'openldap/slapd.conf'
 maybe chmod 0640 'openldap/slapd.conf'
 maybe chgrp 'ldap' 'openldap/slapd.conf.default'

diff --git a/ldap.conf.sudo b/ldap.conf.sudo
index c5d51f95f053ab52e482a5ba14a57dc3a897be83..9d894b5aa2ac55c461b485293a990c7080a63c78 100644 (file)
--- a/ldap.conf.sudo
+++ b/ldap.conf.sudo
@@ -3,4 +3,4 @@
 
 # supported directives: host, port, ssl, ldap_version
 # uri, binddn, bindpw, sudoers_base, sudoers_debug
-# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
+# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}

diff --git a/openldap/schema/sudo.schema b/openldap/schema/sudo.schema
new file mode 100644 (file)
index 0000000..d3e95e0
--- /dev/null
+++ b/openldap/schema/sudo.schema
@@ -0,0 +1,76 @@
+#
+# OpenLDAP schema file for Sudo
+# Save as /etc/openldap/schema/sudo.schema
+#
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.1
+    NAME 'sudoUser'
+    DESC 'User(s) who may  run sudo'
+    EQUALITY caseExactIA5Match
+    SUBSTR caseExactIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.2
+    NAME 'sudoHost'
+    DESC 'Host(s) who may run sudo'
+    EQUALITY caseExactIA5Match
+    SUBSTR caseExactIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.3
+    NAME 'sudoCommand'
+    DESC 'Command(s) to be executed by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.4
+    NAME 'sudoRunAs'
+    DESC 'User(s) impersonated by sudo (deprecated)'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.5
+    NAME 'sudoOption'
+    DESC 'Options(s) followed by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.6
+    NAME 'sudoRunAsUser'
+    DESC 'User(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.7
+    NAME 'sudoRunAsGroup'
+    DESC 'Group(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.8
+    NAME 'sudoNotBefore'
+    DESC 'Start of time interval for which the entry is valid'
+    EQUALITY generalizedTimeMatch
+    ORDERING generalizedTimeOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.9
+    NAME 'sudoNotAfter'
+    DESC 'End of time interval for which the entry is valid'
+    EQUALITY generalizedTimeMatch
+    ORDERING generalizedTimeOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+attributeTypes ( 1.3.6.1.4.1.15953.9.1.10
+    NAME 'sudoOrder'
+    DESC 'an integer to order the sudoRole entries'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
+    DESC 'Sudoer Entries'
+    MUST ( cn )
+    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $
+           description )
+    )