summaryrefslogtreecommitdiffstats
path: root/debian/sudo.prerm
blob: 1503418592a2f0d57a07d3dfbf41669cd15c2473 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/bin/sh

set -e

check_password() {
    if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
	# let's check whether the root account is locked.
	# if it is, we're not going another step. No Sirreee!
	passwd=$(getent shadow root|cut -f2 -d:)
	passwd1=$(echo "$passwd" |cut -c1)
	# Note: we do need the 'xfoo' syntax here, since POSIX special-cases
	# the $passwd value '!' as negation.
	# bug #1001858 causes trouble here. In autopkgtest, the system
	# might be switching back and forth between sudo and sudo-ldap
	# without having a root password set. 
	# autopkgtest environment is not under our control, so we cannot
	# disable this test just for autopkgtest (it's autopkgtest itself
	# installing packages).
	if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then
	    # yup, password is locked
	    echo "You have asked that the sudo package be removed,"
	    echo "but no root password has been set."
	    echo "Without sudo, you may not be able to gain administrative privileges."
	    echo
	    echo "If you would prefer to access the root account with su(1)"
	    echo "or by logging in directly,"
	    echo "you must set a root password with \"sudo passwd\"."
	    echo 
	    echo "If you have arranged other means to access the root account,"
	    echo "and you are sure this is what you want,"
	    echo "you may bypass this check by setting an environment variable "
	    echo "(export SUDO_FORCE_REMOVE=yes)."
	    echo
	    echo "Refusing to remove sudo."
	    exit 1
	fi
    fi
}
	
case $1 in
	remove)
		check_password;
		;;
	*)
		;;
esac

#DEBHELPER#

exit 0