From a23da324a647296a31436631b958bc3443ceaaf2 Mon Sep 17 00:00:00 2001
From: "bugreport%peshkin.net" <>
Date: Fri, 14 Oct 2005 06:58:24 +0000
Subject: Bug 204498 Add su (setuser) function Patch by A. Karl Kornel
 <karl@kornel.name> r=joel, a=justdave

---
 checksetup.pl | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'checksetup.pl')

diff --git a/checksetup.pl b/checksetup.pl
index 225a3341e..f21523e5b 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -33,6 +33,7 @@
 #                 Max Kanat-Alexander <mkanat@bugzilla.org>
 #                 Joel Peshkin <bugreport@peshkin.net>
 #                 Lance Larsh <lance.larsh@oracle.com>
+#                 A. Karl Kornel <karl@kornel.name>
 #
 #
 #
@@ -4131,6 +4132,27 @@ while (my ($uid, $login, $gid, $rexp, $present) = $sth->fetchrow_array()) {
     }
 }
 
+# 2005-10-10 karl@kornel.name -- Bug 204498
+if (!GroupDoesExist('bz_sudoers')) {
+    my $sudoers_group = AddGroup('bz_sudoers',
+                                 'Can perform actions as other users');
+    my $sudo_protect_group = AddGroup('bz_sudo_protect',
+                                      'Can not be impersonated by other users');
+    my ($admin_group) = $dbh->selectrow_array('SELECT id FROM groups
+                                               WHERE name = ?', undef, 'admin');
+    
+    # Admins should be given sudo access
+    # Everyone in sudo should be in sudo_protect
+    # Admins can grant membership in both groups
+    my $sth = $dbh->prepare('INSERT INTO group_group_map 
+                             (member_id, grantor_id, grant_type) 
+                             VALUES (?, ?, ?)');
+    $sth->execute($admin_group, $sudoers_group, GROUP_MEMBERSHIP);
+    $sth->execute($sudoers_group, $sudo_protect_group, GROUP_MEMBERSHIP);
+    $sth->execute($admin_group, $sudoers_group, GROUP_BLESS);
+    $sth->execute($admin_group, $sudo_protect_group, GROUP_BLESS);
+}
+
 ###########################################################################
 # Create --SETTINGS-- users can adjust
 ###########################################################################
-- 
cgit v1.2.3-24-g4f1b