--- sudo-1.5.4.orig/parse.c +++ sudo-1.5.4/parse.c @@ -25,7 +25,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: parse.c,v 1.78 1998/01/13 04:48:42 millert Exp $"; +static char rcsid[] = "$Id: parse.c,v 1.80 1998/01/13 15:32:41 millert Exp $"; #endif /* lint */ #include "config.h" @@ -218,7 +218,7 @@ static char *c; /* don't bother with pseudo commands like "validate" */ - if (*cmnd != '/' && *cmnd != '.') + if (strchr(cmnd, '/') == NULL) return(FALSE); /* only need to stat cmnd once since it never changes */ --- sudo-1.5.4.orig/parse.yacc +++ sudo-1.5.4/parse.yacc @@ -27,7 +27,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: parse.yacc,v 1.103 1998/01/13 04:48:42 millert Exp $"; +static char rcsid[] = "$Id: parse.yacc,v 1.104 1998/01/13 07:00:02 millert Exp $"; #endif /* lint */ #include "config.h" @@ -680,13 +680,13 @@ (void) strcpy(ai.name, alias); if (lfind((VOID *)&ai, (VOID *)aliases, &naliases, sizeof(ai), aliascmp) != NULL) { - (void) sprintf(s, "Alias `%.*s' already defined", sizeof(s) - 25, + (void) sprintf(s, "Alias `%.*s' already defined", (int) sizeof(s) - 25, alias); yyerror(s); } else { if (naliases >= nslots && !more_aliases()) { (void) sprintf(s, "Out of memory defining alias `%.*s'", - sizeof(s) - 32, alias); + (int) sizeof(s) - 32, alias); yyerror(s); } @@ -697,7 +697,7 @@ ok = TRUE; } else { (void) sprintf(s, "Aliases corrupted defining alias `%.*s'", - sizeof(s) - 36, alias); + (int) sizeof(s) - 36, alias); yyerror(s); } } --- sudo-1.5.4.orig/options.h +++ sudo-1.5.4/options.h @@ -31,34 +31,34 @@ /* User-configurable Sudo runtime options */ -/*#define FQDN /* expect fully qualified hosts in sudoers */ +#define FQDN /* expect fully qualified hosts in sudoers */ #define LOGGING SLOG_SYSLOG /* log via SLOG_SYSLOG, SLOG_FILE, SLOG_BOTH */ -#define LOGFAC LOG_LOCAL2 /* syslog facility for sudo to use */ +#define LOGFAC LOG_AUTH /* syslog facility for sudo to use */ #define MAXLOGFILELEN 80 /* max chars per log line (for line wrapping) */ /*#define NO_ROOT_SUDO /* root is not allowed to use sudo */ #define ALERTMAIL "root" /* user that gets sudo mail */ #define SEND_MAIL_WHEN_NO_USER /* send mail when user not in sudoers file */ /*#define SEND_MAIL_WHEN_NOT_OK /* send mail if no permissions to run command */ -/*#define EXEMPTGROUP "sudo" /* no passwd needed for users in this group */ -/*#define ENV_EDITOR /* visudo honors EDITOR and VISUAL envars */ +#define EXEMPTGROUP "sudo" /* no passwd needed for users in this group */ +#define ENV_EDITOR /* visudo honors EDITOR and VISUAL envars */ #define SHORT_MESSAGE /* short sudo message, no copyright printed */ /*#define NO_MESSAGE /* no sudo "lecture" message */ -#define TIMEOUT 5 /* minutes before sudo asks for passwd again */ -#define PASSWORD_TIMEOUT 5 /* passwd prompt timeout (in minutes) */ +#define TIMEOUT 15 /* minutes before sudo asks for passwd again */ +#define PASSWORD_TIMEOUT 0 /* passwd prompt timeout (in minutes) */ #define TRIES_FOR_PASSWORD 3 /* number of tries to enter passwd correctly */ /*#define USE_INSULTS /* insult the user for incorrect passwords */ /*#define CLASSIC_INSULTS /* sudo "classic" insults--need USE_INSULTS */ /*#define HAL_INSULTS /* 2001-like insults--must define USE_INSULTS */ /*#define GOONS_INSULTS /* Goon Show insults--must define USE_INSULTS */ /*#define CSOPS_INSULTS /* CSOps insults--must define USE_INSULTS */ -#define EDITOR _PATH_VI /* default editor to use */ +#define EDITOR "/usr/bin/editor"/* default editor to use */ #define MAILER _PATH_SENDMAIL /* what mailer to use */ #define UMASK 0022 /* umask that the root-run prog should use */ #define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */ #define MAILSUBJECT "*** SECURITY information for %h ***" /* mail subject */ #define PASSPROMPT "Password:" /* default password prompt */ /*#define IGNORE_DOT_PATH /* ignore '.' in $PATH if it exists */ -/*#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */ +#define SECURE_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" /* secure path */ /*#define USE_EXECV /* use execv() instead of execvp() */ /*#define SHELL_IF_NO_ARGS /* if sudo is given no arguments run a shell */ /*#define SHELL_SETS_HOME /* -s sets $HOME to runas user's homedir */ --- sudo-1.5.4.orig/INSTALL +++ sudo-1.5.4/INSTALL @@ -283,6 +283,9 @@ scripts that lack the "#!/some/shell" header correctly. The workaround is to give all your scripts a proper header. + Linux libc6 (aka glibc2) has a broken lsearch(). You will need + to comment out the "#define HAVE_LSEARCH 1" line in config.h and + add lsearch.o to the LIBOBJS line in the Makefile. SCO ODT: You'll probably need libcrypt_i.a available via anonymous ftp --- sudo-1.5.4.orig/RUNSON +++ sudo-1.5.4/RUNSON @@ -35,6 +35,7 @@ IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 +IRIX 6.4 mips unbundled cc 1.5.3 Jim Volpe none NEXTSTEP 2.1 m68k bundled cc 1.3.7 Todd Miller none NEXTSTEP 3.2 m68k bundled cc 1.5.3 Todd Miller none NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none --- sudo-1.5.4.orig/visudo.pod +++ sudo-1.5.4/visudo.pod @@ -17,8 +17,8 @@ simultaneous edits, provides basic sanity checks, and checks for parse errors. If the I file is currently being edited you will receive a message to try again later. In the -default configuration, the vi(1) editor is used, but there is -a compile time option to allow use of whatever editor the +default configuration, the system default editor /usr/bin/editor is used, +but there is a compile time option to allow use of whatever editor the environmental variables C or C are set to. B parses the I file after the edit and will --- sudo-1.5.4.orig/debian/copyright +++ sudo-1.5.4/debian/copyright @@ -0,0 +1,13 @@ +sudo is Copyright (C) 1991 The Root Group, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/doc/copyright/GPL'. --- sudo-1.5.4.orig/debian/control +++ sudo-1.5.4/debian/control @@ -0,0 +1,14 @@ +Source: sudo +Section: admin +Priority: optional +Maintainer: Bdale Garbee +Standards-Version: 2.4.0.0 + +Package: sudo +Architecture: any +Depends: ${shlibs:Depends} +Description: Provides limited super user privileges to specific users. + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + --- sudo-1.5.4.orig/debian/changelog +++ sudo-1.5.4/debian/changelog @@ -0,0 +1,203 @@ +sudo (1.5.4-4) frozen unstable; urgency=low + + * update postinst to use groupadd, closes 21403 + * move the suidregister stuff earlier in postinst to ensure it always runs + + -- Bdale Garbee Sun, 19 Apr 1998 22:07:45 -0600 + +sudo (1.5.4-3) frozen unstable; urgency=low + + * change /etc/sudoers from a conffile to being handled in postinst, + closes 18219 + * add suidmanager support, closes 15711 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is + unlikely to ever fix, and which just don't matter. closes 17146 + * fix FSF address in copyright file, and submit exception for lintian + warning about sudo being setuid root + + -- Bdale Garbee Thu, 9 Apr 1998 23:59:11 -0600 + +sudo (1.5.4-2) unstable; urgency=high + + * patch from upstream author correcting/improving security fix + + -- Bdale Garbee Tue, 13 Jan 1998 10:39:35 -0700 + +sudo (1.5.4-1) unstable; urgency=high + + * new upstream version, includes a security fix + * change default editor from /bin/ae to /usr/bin/editor + + -- Bdale Garbee Mon, 12 Jan 1998 23:36:41 -0700 + +sudo (1.5.3-1) unstable; urgency=medium + + * new upstream version, closes bug 15911. + * rules file reworked to use debhelper + * implement a really gross hack to force use of the sudo-provided + lsearch(), since the one in libc6 is broken! This closes bugs + 12552, 12557, 14881, 15259, 15916. + + -- Bdale Garbee Sat, 3 Jan 1998 20:39:23 -0700 + +sudo (1.5.2-6) unstable; urgency=LOW + + * don't install INSTALL in the doc directory, closes bug 13195. + + -- Bdale Garbee Sun, 21 Sep 1997 17:10:40 -0600 + +sudo (1.5.2-5) unstable; urgency=LOW + + * libc6 + + -- Bdale Garbee Fri, 5 Sep 1997 00:06:22 -0600 + +sudo (1.5.2-4) unstable; urgency=LOW + + * change TIMEOUT (how long before you have to type your password again) + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian + packages on slower machines much more tolerable. Closes bug 9076. + * touch debian/suid before debstd. Closes bug 8709. + + -- Bdale Garbee Sat, 26 Apr 1997 00:48:01 -0600 + +sudo (1.5.2-3) frozen unstable; urgency=LOW + + * patch from upstream maintainer to close Bug 6828 + * add a debian/suid file to get debstd to leave my perl postinst alone + + -- Bdale Garbee Fri, 11 Apr 1997 23:09:55 -0600 + +sudo (1.5.2-2) frozen unstable; urgency=LOW + + * change rules to use -O2 -Wall as per standards + + -- Bdale Garbee Sun, 6 Apr 1997 12:48:53 -0600 + +sudo (1.5.2-1) unstable; urgency=LOW + + * new upstream version + * cosmetic changes to debian package control files + + -- Bdale Garbee Wed, 30 Oct 1996 09:50:00 -0700 + +sudo (1.5-2) unstable; urgency=LOW + + * add /usr/X11R6/bin to the end of the secure path... this makes it + much easier to run xmkmf, etc., during package builds. To the extent + that /usr/local/sbin and /usr/local/bin were already included, I see + no security reasons not to add this. + + -- Bdale Garbee Wed, 30 Oct 1996 09:44:58 -0700 + +sudo (1.5-1) unstable; urgency=LOW + + * New upstream version + * New maintainer + * New packaging format + + -- Bdale Garbee Thu, 29 Aug 1996 11:44:22 +0200 + +Tue Mar 5 09:36:41 MET 1996 Michael Meskes + + sudo (1.4.1-1): + + * hard code SECURE_PATH to: + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + * enable ENV_EDITOR + + * enabled EXEMPTGROUP "sudo" + + * moved timestamp dir to /var/log/sudo + + * changed parser to check for long and short filenames (Bug#1162) + +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes + + sudo (1.4.2-1): + + * New upstream source + + * Fixed postinst script + (thanks to Peter Tobis ) + + * Removed special shadow binary. This version works with and without + shadow password file. + +Mon May 20 09:35:22 MET DST 1996 Michael Meskes + + sudo (1.4.2-2): + + * Corrected editor path to /bin/ae (Bug#3062) + + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) + +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes + + sudo (1.4.3-1): + + * New upstream version + + * Changed sudoers permission to 440 (owner root, group root) to make + sudo usable via NFS + +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes + + sudo (1.4.3-2): + + * Applied upstream patch 1 + +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes + + sudo (1.4.3-3): + + * Applied upstream patch 2 + +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes + + sudo (1.4.3-4): + + * Applied upstream patch 3 (fixes problems with an NFS-mounted + sudoers file) + + +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes + + sudo (1.4.3-5): + + * Corrected postinst to use /usr/bin/perl instead of /bin/perl + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] + +Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes + + sudo (1.4.3-6): + + * Applied upstream patch 4 (fixes several bugs) + + * Changed priority to optional + +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes + + sudo (1.4.3-7): + + * Corrected postinst to create correct permission for /etc/sudoers + (Bug#3749) + +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes + + sudo (1.4.4-1): + + * New upstream version + + +sudo (1.4.4-2) admin; urgency=HIGH + + * Fixed major security bug reported by Peter Tobias + + * Added dchanges support to debian.rules + +sudo (1.4.5-1) admin; urgency=LOW + + * New upstream version + * Minor changes to debian.rules --- sudo-1.5.4.orig/debian/rules +++ sudo-1.5.4/debian/rules @@ -0,0 +1,62 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +build: build-stamp +build-stamp: + @dh_testdir || \ + echo "NOTE: The 'debhelper' package must be installed to build sudo!" + CFLAGS="-g -O2 -Wall -Wno-comment" ./configure --prefix=/usr --with-C2 + # start ugly, ugly hack until libc6's 'lsearch()' gets fixed... + sed -e '/LSEARCH/s/define/undef/g' < config.h > config.h.new + mv config.h.new config.h + sed -e '/^LIBOBJS/s/=/=lsearch.o/g' < Makefile > Makefile.new + mv Makefile.new Makefile + # end ugly, ugly hack + make + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp config.cache config.log + dh_clean + make distclean || exit 0 + +binary-indep: build + +binary-arch: build + dh_testdir + dh_testroot + dh_clean + dh_installdirs + install -o root -g root -m 4755 -s sudo debian/tmp/usr/bin/sudo + install -o root -g root -m 0755 -s visudo debian/tmp/usr/sbin/visudo + install -o root -g root -m 0644 sudo.man debian/tmp/usr/man/man8/sudo.8 + install -o root -g root -m 0644 visudo.man \ + debian/tmp/usr/man/man8/visudo.8 + install -o root -g root -m 0644 sudoers.man \ + debian/tmp/usr/man/man5/sudoers.5 + install -g root -m 644 -o root debian/OPTIONS \ + debian/tmp/usr/doc/sudo/OPTIONS + install -g root -m 644 -o root sample.sudoers \ + debian/tmp/usr/doc/sudo/examples/sudoers + dh_installdocs + dh_installchangelogs + dh_strip + dh_compress + dh_fixperms + dh_suidregister + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary + --- sudo-1.5.4.orig/debian/OPTIONS +++ sudo-1.5.4/debian/OPTIONS @@ -0,0 +1,135 @@ +The following options were used to configure sudo + +FQDN + Define this if you want to put fully qualified hostnames in the sudoers + file. Ie: instead of myhost you would use myhost.mydomain.edu. + Beware that turning FQDN on requires sudo to make DNS lookups which + may make sudo unusable if your DNS is totally hosed. + Also note that you must use the host's official name as DNS knows it. + That is, you may not use a host alias (CNAME entry) due to performance + issues and the fact that there is no way to get all aliases from DNS. + This is off by default. + +LOGGING + How you want to do your logging. Your choices are SLOG_SYSLOG, SLOG_FILE, + or SLOG_BOTH. Setting this to SYSLOG is nice because you can keep all + your sudo logs in one place. If you don't have syslog or if your syslog + is of an ancient vintage (4.2BSD, SunOS 3.x and all versions of Ultrix) + you should probably use FILE logging (the pathname for the log file is + in pathnames.h). If you are really serious about security you may want + to set LOGGING to SLOG_BOTH (to keep people from killing your syslog with + a denial of service attack while they do something nasty). + The default is to use SLOG_SYSLOG. + +LOGFAC + What syslog facility to log to. This requires a 4.3BSD or later + version of syslog. You can still set this for ancient syslogs + but it will have no effect. + The default is to use LOG_AUTH. + +MAXLOGFILELEN + Number of characters per line for the file log. This is only + used if you are LOGGING to FILE or BOTH. MAXLOGFILELEN is used to + decide when to wrap lines for nicer log files. You can set it to MAXLOGLEN + if you don't want any word wrapping in your log files. + The default is 80. + +ALERTMAIL + User that mail from sudo is sent to. This should go to a sysadmin + at your site. + The default is "root". + +SEND_MAIL_WHEN_NO_USER + Send mail to ALERMAIL if the user invoking sudo is not in the sudoers file. + You probably want this on so you can yell at people trying to use sudo + when they are not allowed to. + This is on by default. + +EXEMPTGROUP + If this is defined then users in the group defined by EXEMPTGROUP + don't need to enter a password when running sudo. This may be useful + for sites that don't want their "core" sysadmins to have to enter + a password but where Jr. sysadmins need to. + This is on by default. + +ENV_EDITOR + Makes visudo consult the EDITOR and VISUAL environmental variables + before falling back on the default editor. Note that this may create + a security hole as most editors allow a user to get a shell (which would + be a root shell and hence, no logging). + This is on by default. + +SHORT_MESSAGE + Omits the copyright message from the "lecture" one gets when running + sudo for the first time on a machine. + This is on by default. + +TIMEOUT + Number of minutes that can elapse before sudo will ask for a passwd again. + The default is 15, set this to 0 to always prompt for a password. + +PASSWORD_TIMEOUT + Number of minutes before the sudo password prompt times out. + The default is 0, meaning we never give up. + +TRIES_FOR_PASSWORD + Number of tries a user gets to enter his/her password before sudo + logs the failure and exits. + The default is 3. + +EDITOR + This is the default editor used by visudo (and the only editor used unless + ENV_EDITOR is defined). + The default is /usr/bin/editor. + +MAILER + Mailer used to send mail when someone tries to sudo and access is denied. + As such, this should not be /usr/ucb/Mail or mailx. Sudo is setup to + use sendmail, but it should be possible to use smail as well. + The default is _PATH_SENDMAIL (where sendmail lives). + +UMASK + Umask to use when running the root command. If you do not define this + sudo will preserve the umask of the user invoking sudo. + The default is 0022. + +INCORRECT_PASSWORD + Message that is displayed if a user enters an incorrect password. + The default is "Sorry, try again." + +MAILSUBJECT + Subject of the mail sent to the ALERTMAIL user. + Default is "*** SECURITY information ***". + +PASSPROMPT + Default prompt to use when asking for a password. Can be overridden + via the -p option. Default is "Password:". + +SECURE_PATH + Path used for every command run from sudo(8). If you don't trust + the people running sudo to have a sane PATH environmental variable + you may want to define SECURE_PATH. Another use is if you want to + have the "root path" be separate from the "user path." You will + need to customize the path for your site. + For Debain it is + + /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP. + This is on by default. + +FAST_MATCH + When matching a given command to a path listed in the sudoers file, + only check the inodes for a match if the basenames match. + If you want links to a command to be allowed then you should turn + this off, but it will make things take a little longer. + This is on by default. + +SUDOERS_OWNER + Who should own the sudoers file. This must be a username, *not* a uid. + This is useful if you want to make the sudoers file NFS-mounted + but don't want to let the clients mount the filesystem with + root proviledges. A good choice for SUDOERS_OWNER in this case is + "daemon", a bad choice would be nobody. Note that this is usually + set in the Makefile. + The default is "root" (remember the quotes). --- sudo-1.5.4.orig/debian/README.debian +++ sudo-1.5.4/debian/README.debian @@ -0,0 +1,7 @@ +This is the Debian GNU/Linux prepackaged version of sudo. sudo is +used to provide limited super user privileges to specific users. + +This package was put together by Bdale Garbee using sources +from + ftp://ftp.courtesan.com/pub/sudo/ + --- sudo-1.5.4.orig/debian/postrm +++ sudo-1.5.4/debian/postrm @@ -0,0 +1,6 @@ +#!/usr/bin/perl + +if ( -e "/etc/suid.conf" && -x "/usr/sbin/suidregister" ) { + system ('suidunregister -s sudo /usr/bin/sudo'); +} + --- sudo-1.5.4.orig/debian/postinst +++ sudo-1.5.4/debian/postinst @@ -0,0 +1,63 @@ +#!/usr/bin/perl + +# remove old link + +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); + +# make sure we have a sudoers file +if ( ! -f "/etc/sudoers") { + + print "No /etc/sudoers found... creating one for you.\n"; + + open (SUDOERS, "> /etc/sudoers"); + print SUDOERS "# sudoers file.\n", + "#\n", + "# This file MUST be edited with the 'visudo' command as root.\n", + "#\n", + "# See the man page for details on how to write a sudoers file.\n", + "#\n\n# Host alias specification\n\n", + "# User alias specification\n\n", + "# Cmnd alias specification\n\n", + "# User privilege specification\nroot\tALL=(ALL) ALL\n"; + close SUDOERS; + +} + +# make sure sudoers has the correct permissions and owner/group +system ('chown root.root /etc/sudoers'); +system ('chmod 440 /etc/sudoers'); + +if ( -e "/etc/suid.conf" && -x "/usr/sbin/suidregister" ) { + system ('suidregister -s sudo /usr/bin/sudo root root 4755'); +} else { + system ('chown root.root /usr/bin/sudo'); + system ('chmod 4755 /usr/bin/sudo'); +} + +# make sure we have a sudo group + +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo + +$gid = 27; # start searcg with gid 27 +setgrent; +while (getgrgid($gid)) { + ++$gid; +} +endgrent; + +if ($gid != 27) { + print "On Debian we normally use gid 27 for 'sudo'.\n"; + $gname = getgrgid(27); + print "However, on your system gid 27 is group '$gname'.\n\n"; + print "Would you like me to stop configuring sudo so that you can change this? [n] "; + $ans = ; + if ($ans =~ m/^[yY].*/) { + print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; + exit 1; + } +} + +print "Creating group 'sudo' with gid = $gid\n"; +system("groupadd -g $gid sudo"); + +print ""; --- sudo-1.5.4.orig/debian/dirs +++ sudo-1.5.4/debian/dirs @@ -0,0 +1,6 @@ +etc +usr/bin +usr/man/man8 +usr/man/man5 +usr/sbin +usr/doc/sudo/examples