-/etc/sudoers.d/zabbix
+/etc/sudoers.d/zabbix_agentd_user
/etc/zabbix_agentd/zabbix_agentd.conf
/etc/zabbix_agentd/scripts/
/etc/zabbix_agentd/zabbix_agentd.d/
-/usr/lib/zabbix/
+/usr/lib/zabbix/
\ No newline at end of file
etc/logrotate.d/zabbix_agentd
etc/rc.d/init.d/zabbix_agentd
-etc/sudoers.d/zabbix
+etc/sudoers.d/zabbix_agentd
+etc/sudoers.d/zabbix_agentd_user
etc/zabbix_agentd
etc/zabbix_agentd/scripts
etc/zabbix_agentd/zabbix_agentd.conf
# Include file for sudoers file
#
-# This is needed for some userparameters to be able to execute commands that only run as root (using sudo)
-# e.g. /usr/bin/openssl or /usr/sbin/smartctl
+# This is needed for some IPFire specific userparameters to be able to execute commands that only run as root (using sudo)
#
-# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH!
+# DO NOT CHANGE THIS FILE. This file is managed by IPFire, will be overwritten on next addon upgrade and is not
+# included in the backup.
#
-# Some hints:
-# - It is strongly recommended to edit this file only using the visudo -f <filename> command. If you mess up this file,
-# you might end up locking yourself out of your system!
-# - Append the full path incl. parameters to each command, using "," as separator.
-# - Only add commands you really need. Zabbix should not have more rights than it has to.
-#
-# Append / edit the following list of commands to fit your needs:
+# To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user
#
Defaults:zabbix !requiretty
zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status
--- /dev/null
+# Include file for sudoers file
+#
+# This is needed for some userparameters to be able to execute commands that only run as root (using sudo)
+# e.g. /usr/bin/openssl or /usr/sbin/smartctl
+#
+# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH!
+#
+# Some hints:
+# - It is strongly recommended to edit this file only using the visudo -f <filename> command. If you mess up this file,
+# you might end up locking yourself out of your system!
+# - Append the full path incl. parameters to each command, using "," as separator.
+# - Only add commands you really need. Zabbix should not have more rights than it has to.
+#
+# Uncomment the following line and edit the example of commands to fit your needs:
+
+#zabbix ALL=(ALL) NOPASSWD: <custom command 1>, <custom command 2>, ...
# Install sudoers include file
install -v -m 640 $(DIR_SRC)/config/zabbix_agentd/sudoers \
- /etc/sudoers.d/zabbix
+ /etc/sudoers.d/zabbix_agentd
+ install -v -m 640 $(DIR_SRC)/config/zabbix_agentd/sudoers_user \
+ /etc/sudoers.d/zabbix_agentd_user
# Install include file for backup
install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \
############################################################################
#
. /opt/pakfire/lib/functions.sh
+
+# Check if old sudoers file exists and remove if it was not modified
+# or rename to the new zabbix_agentd_user file if it was.
+if [ -f /etc/sudoers.d/zabbix.user ]; then
+ mv -v /etc/sudoers.d/zabbix.user /etc/sudoers.d/zabbix
+fi
+
+if [ -f /etc/sudoers.d/zabbix ]; then
+ blake2=$(b2sum /etc/sudoers.d/zabbix | cut -f1 -d" ")
+ # from commits 5737a22 & 06fc617
+ if [ "$blake2" == "b0f73b107fd3842efc7ef3e30f6d948235aa07d533715476c2d3f58c08379193fdde9ff69aa6e0f5eb6cf4a98b2ed2a6f003f23078a57aff239b34cc29e62a98" ] || \
+ [ "$blake2" == "0628c416a1f217b0962a8ce6d1e339bdb0f0427d86fc06b2e40b63487ffc1a3543562d16f7f954d7fb92cee9764f0261c1663a39dd50bc73fd9b772575c56cfc" ]; then
+ rm -vf /etc/sudoers.d/zabbix
+ else
+ mv -v /etc/sudoers.d/zabbix /etc/sudoers.d/zabbix_agentd_user
+ fi
+fi
+
extract_backup_includes
./uninstall.sh
./install.sh
-# Ensure /etc/sudoers.d/zabbix.user is renamed to /etc/sudoers.d/zabbix
-if [ -e /etc/sudoers.d/zabbix.user ]; then
- mv -v /etc/sudoers.d/zabbix.user /etc/sudoers.d/zabbix
-fi