From patchwork Sun Nov  3 21:41:52 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stephan Henningsen <stephan@asklandd.dk>
X-Patchwork-Id: 1188701
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.136;
	helo=silver.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=asklandd.dk
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=asklandd-dk.20150623.gappssmtp.com
	header.i=@asklandd-dk.20150623.gappssmtp.com
	header.b="Cm46mNB0"; dkim-atps=neutral
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 475qCJ3TfLz9s4Y
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Mon,  4 Nov 2019 08:42:18 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 148CB2078C;
	Sun,  3 Nov 2019 21:42:15 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yo1g2QzzdfWD; Sun,  3 Nov 2019 21:42:13 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id 8F038204D4;
	Sun,  3 Nov 2019 21:42:13 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 1C32C1BF3B9
	for <buildroot@lists.busybox.net>;
	Sun,  3 Nov 2019 21:42:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 12DD58A39E
	for <buildroot@lists.busybox.net>;
	Sun,  3 Nov 2019 21:42:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8AZTQiOHNlpG for <buildroot@lists.busybox.net>;
	Sun,  3 Nov 2019 21:42:11 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com
	[209.85.221.66])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 900E38A392
	for <buildroot@buildroot.org>; Sun,  3 Nov 2019 21:42:11 +0000 (UTC)
Received: by mail-wr1-f66.google.com with SMTP id t1so8965657wrv.4
	for <buildroot@buildroot.org>; Sun, 03 Nov 2019 13:42:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=asklandd-dk.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id;
	bh=HtPDEnph75A8N3H4+0eDMhWUl/ZiJ9O+OUHITHvNvmw=;
	b=Cm46mNB0/g1N+AKdpsJwJFqp1jqLOXW8DPPMKSz3CmZBHL0iqc26+a1T8NjgOesTiQ
	/9xmnQl9889he5d6QC/0/WaUetmxWhDoDMqbQWxJjC8kS6bJ8EvNdtzkoxjo2lgwgi3d
	gp1F7Z1Tc5jHckRKeoVlyhZO18TFWE4U46egsJWqF/nGxmZEzDeDs7mo82LUr7lcFn+4
	p2B50ZqkwX1PPt5oxF/We183z9SwvO0V3M8ITztXyAIb4kEPq2Yestk15030b96iOxcU
	cH5DVcrBG+LtVJ50Il1RXRMrX5ts28IhX0XFW40ko31qsTnC7CT/HSTG+3vU5R6xgozS
	cA6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=HtPDEnph75A8N3H4+0eDMhWUl/ZiJ9O+OUHITHvNvmw=;
	b=PwISdAlC9+S4fyREjJbmCf7cyvqbZZJCj57/Ft3/K/2/7jwDxVJZsX2zrLFGd+HF4E
	6i+yObM5Q0Vub4G06uwhQpM8t8jtREb7VQFsUkrPTi+6iwDQmkPVCgRDhq/Ike/RW/i2
	d0U4O4c1eScjiONG11bxL5+93SkoKfTICnZmGW5Z2fZvfeNjkA2G3iVtr5q0qmLnS242
	8xZv9b2QPRKR4cw9onJ/ftTIg2YGgCSbuSEpx8qakL0QggwLl/1ixHnWCdneZhvUz01/
	lf8KM/XSHppK9CextLtrkUQX0cyDc6VDlHfgUnHWrQhH+4qaaifgzen6UZX9Qcf53vxx
	d29Q==
X-Gm-Message-State: APjAAAVK3karB30tbvuoXpkv0CKqybQMJDHJtmKdFdx9sy7a11m0F6By
	kvBijJxEqjRxUXGsvx33hVXI4YPs8CA=
X-Google-Smtp-Source: 
 APXvYqyXZ31vPFS1Q1MWZBE1KW5X0hbDOGGW1SFWMD3WMbLK3PmQ1VNwYXkcA5qSaCsFtJjrV0lxAg==
X-Received: by 2002:adf:e5cc:: with SMTP id
	a12mr21072527wrn.258.1572817329567;
	Sun, 03 Nov 2019 13:42:09 -0800 (PST)
Received: from lumines.sputnik.lan (static-5-186-52-63.ip.fibianet.dk.
	[5.186.52.63]) by smtp.gmail.com with ESMTPSA id
	h205sm16182450wmf.35.2019.11.03.13.42.08
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Sun, 03 Nov 2019 13:42:08 -0800 (PST)
From: Stephan Henningsen <stephan@asklandd.dk>
To: buildroot@buildroot.org
Date: Sun,  3 Nov 2019 22:41:52 +0100
Message-Id: <20191103214153.24621-1-stephan@asklandd.dk>
X-Mailer: git-send-email 2.17.1
Subject: [Buildroot] [PATCH] package/sudo: new config to add sudo group and
	rule
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Stephan Henningsen <stephan+buildroot@asklandd.dk>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

From: Stephan Henningsen <stephan+buildroot@asklandd.dk>

Signed-off-by: Stephan Henningsen <stephan+buildroot@asklandd.dk>
---
 package/sudo/Config.in | 15 +++++++++++++++
 package/sudo/sudo.mk   | 13 +++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/package/sudo/Config.in b/package/sudo/Config.in
index cbef15d67b..403d634ceb 100644
--- a/package/sudo/Config.in
+++ b/package/sudo/Config.in
@@ -9,3 +9,18 @@ config BR2_PACKAGE_SUDO
 	  but still allow people to get their work done.
 
 	  http://www.sudo.ws/sudo/
+
+
+if BR2_PACKAGE_SUDO
+
+config BR2_PACKAGE_SUDO_GROUP_AND_RULE
+	bool "add group 'sudo' and enable associated sudo rule"
+	select BR2_PACKAGE_SUDO_GROUP
+	help
+	  Creates a group named 'sudo', and enables the following rule
+	  in the /etc/sudoers configuration file that allows members of
+	  group 'sudo' to execute any command as root:
+
+	  %sudo ALL=(ALL) ALL
+
+endif
diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
index cf8b63b1db..5df39b193e 100644
--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -64,4 +64,17 @@ define SUDO_PERMISSIONS
 	/usr/bin/sudo f 4755 0 0 - - - - -
 endef
 
+ifeq ($(BR2_PACKAGE_SUDO_GROUP_AND_RULE),y)
+define SUDO_USERS
+    -               -1   sudo            -1   -             -            -         -
+endef
+
+define SUDO_ENABLE_SUDO_GROUP_RULE
+	$(SED) '/^# \%sudo\tALL=(ALL) ALL/s/^# //' $(TARGET_DIR)/etc/sudoers
+endef
+
+SUDO_POST_INSTALL_TARGET_HOOKS += SUDO_ENABLE_SUDO_GROUP_RULE
+
+endif
+
 $(eval $(autotools-package))