2005-11-23 14:12:35 +08:00
|
|
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
|
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
|
|
|
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
|
|
|
%general-entities;
|
|
|
|
|
|
|
|
|
|
<!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
|
|
|
|
|
<!ENTITY sudo-download-ftp " ">
|
|
|
|
|
<!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
|
|
|
|
|
<!ENTITY sudo-size "576 KB">
|
|
|
|
|
<!ENTITY sudo-buildsize "3.6 MB">
|
|
|
|
|
<!ENTITY sudo-time "less than 0.1 SBU">
|
|
|
|
|
]>
|
|
|
|
|
|
|
|
|
|
<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
|
|
|
|
|
<?dbhtml filename="sudo.html"?>
|
|
|
|
|
|
|
|
|
|
<sect1info>
|
2005-12-08 02:47:32 +08:00
|
|
|
<othername>$LastChangedBy$</othername>
|
|
|
|
|
<date>$Date$</date>
|
|
|
|
|
<keywordset>
|
|
|
|
|
<keyword role="package">sudo-&sudo-version;.tar</keyword>
|
|
|
|
|
<keyword role="ftptdir">sudo</keyword>
|
|
|
|
|
</keywordset>
|
2005-11-23 14:12:35 +08:00
|
|
|
</sect1info>
|
|
|
|
|
|
|
|
|
|
<title>Sudo-&sudo-version;</title>
|
|
|
|
|
|
|
|
|
|
<indexterm zone="sudo">
|
|
|
|
|
<primary sortas="a-sudo">sudo</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
|
|
|
|
|
<sect2 role="package">
|
|
|
|
|
<title>Introduction to Sudo</title>
|
|
|
|
|
|
|
|
|
|
<para>The <application>sudo</application> package allows a system
|
|
|
|
|
administrator to give certain users (or groups of users) the ability to run
|
|
|
|
|
some (or all) commands as root or another user while logging the commands
|
|
|
|
|
and arguments.</para>
|
|
|
|
|
|
|
|
|
|
<bridgehead renderas="sect3">Package Information</bridgehead>
|
|
|
|
|
<itemizedlist spacing="compact">
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download MD5 sum: &sudo-md5sum;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download size: &sudo-size;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Estimated disk space required: &sudo-buildsize;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Estimated build time: &sudo-time;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</itemizedlist>
|
|
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
|
|
|
|
<itemizedlist spacing='compact'>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Required patch: <ulink
|
|
|
|
|
url="&patch-root;/sudo-&sudo-version;-xxxx-1.patch"/></para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</itemizedlist>
|
|
|
|
|
<bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
|
|
|
|
|
|
|
|
|
|
<bridgehead renderas="sect4">Optional</bridgehead>
|
2005-11-30 03:07:13 +08:00
|
|
|
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
-->
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="installation">
|
|
|
|
|
<title>Installation of Sudo</title>
|
|
|
|
|
|
|
|
|
|
<para>Install <application>sudo</application> by running
|
|
|
|
|
the following commands:</para>
|
|
|
|
|
|
2005-11-24 01:30:34 +08:00
|
|
|
<screen><userinput>sed -i -e 's/CDPATH",/&\n "SHELLOPTS",\n "PS4",/' env.c
|
|
|
|
|
./configure --prefix=/usr --libexecdir=/usr/lib \
|
|
|
|
|
--enable-noargs-shell --with-ignore-dot --with-all-insults \
|
|
|
|
|
--enable-shell-sets-home &&
|
2005-11-23 14:12:35 +08:00
|
|
|
make</userinput></screen>
|
|
|
|
|
|
|
|
|
|
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
|
|
|
|
|
|
|
|
|
|
<screen role="root"><userinput>make install</userinput></screen>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="commands">
|
|
|
|
|
<title>Command Explanations</title>
|
|
|
|
|
|
2005-11-24 01:30:34 +08:00
|
|
|
<para><command>sed -i -e 's/CDPATH",/&\n "SHELLOPTS",\n "PS4",/'
|
|
|
|
|
env.c</command>: This command adds two envronment variables to a list of
|
|
|
|
|
variables to be excluded from the target environment. It solves a
|
|
|
|
|
security problem.</para>
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
<para><option>--enable-noargs-shell</option>: This switch allows sudo to
|
|
|
|
|
run a shell if involked with no arguments.</para>
|
|
|
|
|
|
|
|
|
|
<para><option>--with-ignore-dot</option>: This switch causes
|
|
|
|
|
<application>sudo</application> to ignore '.' in the PATH.</para>
|
|
|
|
|
|
|
|
|
|
<para><option>--with-all-insults</option>: This switch includes all the
|
|
|
|
|
sudo insult sets.</para>
|
|
|
|
|
|
2005-11-24 01:30:34 +08:00
|
|
|
<para><option>--enable-shell-sets-home</option>: This switch sets HOME to
|
|
|
|
|
the target user in shell mode.</para>
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
<note><para>There are many options to <application>sudo</application>'s
|
|
|
|
|
configure command. Check the <command>configure --help</command> output
|
|
|
|
|
for a complete list.</para></note>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="configuration">
|
|
|
|
|
<title>Configuring Sudo</title>
|
|
|
|
|
|
|
|
|
|
<sect3 id="sudo-config">
|
|
|
|
|
<title>Config File</title>
|
|
|
|
|
|
|
|
|
|
<para><filename>/etc/sudoers</filename></para>
|
|
|
|
|
|
|
|
|
|
<indexterm zone="sudo sudo-config">
|
|
|
|
|
<primary sortas="e-etc-sudoers">/etc/sudoers</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
<sect3>
|
|
|
|
|
<title>Configuration Information</title>
|
|
|
|
|
|
|
|
|
|
<para>The <filename>sudoers</filename> file can be quite complicated. It
|
|
|
|
|
is composed of two types of entries: aliases (basically variables) and
|
|
|
|
|
user specifications (which specify who may run what). The installation
|
|
|
|
|
installs a default configuration that has no privileges installed for any
|
|
|
|
|
user.</para>
|
|
|
|
|
|
|
|
|
|
<para>One example usage is to allow the system administrator to execute
|
|
|
|
|
any program without typing a password each time root privileges are
|
|
|
|
|
needed. This can be configured as:</para>
|
2005-11-30 03:07:13 +08:00
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
<screen># User alias specification
|
|
|
|
|
User_Alias ADMIN = YourLoginId
|
|
|
|
|
|
|
|
|
|
# Allow people in group ADMIN to run all commands without a password
|
|
|
|
|
ADMIN ALL = NOPASSWD: ALL</screen>
|
|
|
|
|
|
|
|
|
|
<para>For details, see <command>man sudoers</command>.</para>
|
|
|
|
|
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="content">
|
|
|
|
|
<title>Contents</title>
|
|
|
|
|
|
|
|
|
|
<segmentedlist>
|
|
|
|
|
<segtitle>Installed Programs</segtitle>
|
|
|
|
|
<segtitle>Installed Library</segtitle>
|
|
|
|
|
<segtitle>Installed Directories</segtitle>
|
|
|
|
|
|
|
|
|
|
<seglistitem>
|
|
|
|
|
<seg>sudo and sudoedit</seg>
|
|
|
|
|
<seg>sudo_noexec.so</seg>
|
|
|
|
|
<seg>None</seg>
|
|
|
|
|
</seglistitem>
|
|
|
|
|
</segmentedlist>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
|
|
|
<?dbfo list-presentation="list"?>
|
|
|
|
|
<?dbhtml list-presentation="table"?>
|
|
|
|
|
|
|
|
|
|
<varlistentry id="sudo_prog">
|
|
|
|
|
<term><command>sudo</command></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>executes a command as another user as permitted by
|
|
|
|
|
the <filename>/etc/sudoers</filename> confiuration file.
|
|
|
|
|
</para>
|
|
|
|
|
<indexterm zone="sudo sudo">
|
|
|
|
|
<primary sortas="b-sudo">sudo</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry id="sudoedit">
|
|
|
|
|
<term><command>sudoedit</command></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>is a hard link to <command>sudo</command> that implies
|
|
|
|
|
the -e option to invoke an editor as another user.</para>
|
|
|
|
|
<indexterm zone="sudo sudoedit">
|
|
|
|
|
<primary sortas="b-sudoedit">sudoedit</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry id="sudo_noexec">
|
|
|
|
|
<term><filename class='libraryfile'>sudo_noexec.so</filename></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>enables support for the "noexec" functionality which prevents
|
|
|
|
|
a dynamically-linked program being run by sudo from executing
|
|
|
|
|
another program (think shell escapes).</para>
|
|
|
|
|
<indexterm zone="sudo sudo_noexec">
|
|
|
|
|
<primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
</variablelist>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
</sect1>
|
