2005-11-23 14:12:35 +08:00
|
|
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
2007-04-05 03:42:53 +08:00
|
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
2005-11-23 14:12:35 +08:00
|
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
|
|
|
%general-entities;
|
|
|
|
|
|
2006-04-27 18:48:30 +08:00
|
|
|
<!-- Inserted as a reminder to do this. The mention of a test suite
|
|
|
|
|
is usually right before the root user installation commands. Please
|
|
|
|
|
delete these 12 (including one blank) lines after you are done.-->
|
|
|
|
|
|
|
|
|
|
<!-- Use one of the two mentions below about a test suite,
|
|
|
|
|
delete the line that is not applicable. Of course, if the
|
|
|
|
|
test suite uses syntax other than "make check", revise the
|
|
|
|
|
line to reflect the actual syntax to run the test suite -->
|
|
|
|
|
|
|
|
|
|
<!-- <para>This package does not come with a test suite.</para> -->
|
|
|
|
|
<!-- <para>To test the results, issue: <command>make check</command>.</para> -->
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
<!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
|
|
|
|
|
<!ENTITY sudo-download-ftp " ">
|
|
|
|
|
<!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
|
|
|
|
|
<!ENTITY sudo-size "576 KB">
|
|
|
|
|
<!ENTITY sudo-buildsize "3.6 MB">
|
|
|
|
|
<!ENTITY sudo-time "less than 0.1 SBU">
|
|
|
|
|
]>
|
|
|
|
|
|
2007-02-15 01:41:56 +08:00
|
|
|
<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
|
2005-11-23 14:12:35 +08:00
|
|
|
<?dbhtml filename="sudo.html"?>
|
|
|
|
|
|
|
|
|
|
<sect1info>
|
2005-12-08 02:47:32 +08:00
|
|
|
<othername>$LastChangedBy$</othername>
|
|
|
|
|
<date>$Date$</date>
|
2005-11-23 14:12:35 +08:00
|
|
|
</sect1info>
|
|
|
|
|
|
|
|
|
|
<title>Sudo-&sudo-version;</title>
|
|
|
|
|
|
|
|
|
|
<indexterm zone="sudo">
|
|
|
|
|
<primary sortas="a-sudo">sudo</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
|
|
|
|
|
<sect2 role="package">
|
|
|
|
|
<title>Introduction to Sudo</title>
|
|
|
|
|
|
|
|
|
|
<para>The <application>sudo</application> package allows a system
|
|
|
|
|
administrator to give certain users (or groups of users) the ability to run
|
2005-12-08 18:22:17 +08:00
|
|
|
some (or all) commands as
|
|
|
|
|
<systemitem class="username">root</systemitem> or another user while
|
|
|
|
|
logging the commands and arguments.</para>
|
2005-11-23 14:12:35 +08:00
|
|
|
|
|
|
|
|
<bridgehead renderas="sect3">Package Information</bridgehead>
|
|
|
|
|
<itemizedlist spacing="compact">
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download MD5 sum: &sudo-md5sum;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Download size: &sudo-size;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Estimated disk space required: &sudo-buildsize;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Estimated build time: &sudo-time;</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</itemizedlist>
|
|
|
|
|
|
|
|
|
|
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
|
|
|
|
<itemizedlist spacing='compact'>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Required patch: <ulink
|
2006-01-20 00:12:21 +08:00
|
|
|
url="&patch-root;/sudo-&sudo-version;-envvar_fix-1.patch"/></para>
|
2005-11-23 14:12:35 +08:00
|
|
|
</listitem>
|
|
|
|
|
</itemizedlist>
|
2006-01-18 09:44:31 +08:00
|
|
|
<!--
|
2005-11-23 14:12:35 +08:00
|
|
|
<bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
|
|
|
|
|
|
|
|
|
|
<bridgehead renderas="sect4">Optional</bridgehead>
|
|
|
|
|
-->
|
2006-01-18 09:44:31 +08:00
|
|
|
|
2006-04-11 02:38:22 +08:00
|
|
|
<para condition="html" role="usernotes">User Notes:
|
|
|
|
|
<ulink url="&blfs-wiki;/sudo"/></para>
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="installation">
|
|
|
|
|
<title>Installation of Sudo</title>
|
|
|
|
|
|
|
|
|
|
<para>Install <application>sudo</application> by running
|
|
|
|
|
the following commands:</para>
|
|
|
|
|
|
2006-01-20 00:01:31 +08:00
|
|
|
<screen><userinput>patch -Np1 -i ../sudo-&sudo-version;-envvar_fix-1.patch &&
|
2006-01-18 09:44:31 +08:00
|
|
|
./configure --prefix=/usr --libexecdir=/usr/lib \
|
2005-11-24 01:30:34 +08:00
|
|
|
--enable-noargs-shell --with-ignore-dot --with-all-insults \
|
|
|
|
|
--enable-shell-sets-home &&
|
2005-11-23 14:12:35 +08:00
|
|
|
make</userinput></screen>
|
|
|
|
|
|
|
|
|
|
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
|
|
|
|
|
|
|
|
|
|
<screen role="root"><userinput>make install</userinput></screen>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="commands">
|
|
|
|
|
<title>Command Explanations</title>
|
|
|
|
|
|
2005-12-08 18:22:17 +08:00
|
|
|
<para><option>--enable-noargs-shell</option>: This switch allows
|
|
|
|
|
<application>sudo</application> to run a shell if invoked with no
|
|
|
|
|
arguments.</para>
|
2005-11-23 14:12:35 +08:00
|
|
|
|
|
|
|
|
<para><option>--with-ignore-dot</option>: This switch causes
|
|
|
|
|
<application>sudo</application> to ignore '.' in the PATH.</para>
|
|
|
|
|
|
|
|
|
|
<para><option>--with-all-insults</option>: This switch includes all the
|
2005-12-08 18:22:17 +08:00
|
|
|
<application>sudo</application> insult sets.</para>
|
2005-11-23 14:12:35 +08:00
|
|
|
|
2005-11-24 01:30:34 +08:00
|
|
|
<para><option>--enable-shell-sets-home</option>: This switch sets HOME to
|
|
|
|
|
the target user in shell mode.</para>
|
|
|
|
|
|
2005-12-08 18:22:17 +08:00
|
|
|
<note>
|
|
|
|
|
<para>There are many options to <application>sudo</application>'s
|
|
|
|
|
<command>configure</command> command. Check the
|
|
|
|
|
<command>configure --help</command> output for a complete list.</para>
|
|
|
|
|
</note>
|
2005-11-23 14:12:35 +08:00
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="configuration">
|
|
|
|
|
<title>Configuring Sudo</title>
|
|
|
|
|
|
|
|
|
|
<sect3 id="sudo-config">
|
|
|
|
|
<title>Config File</title>
|
|
|
|
|
|
|
|
|
|
<para><filename>/etc/sudoers</filename></para>
|
|
|
|
|
|
|
|
|
|
<indexterm zone="sudo sudo-config">
|
|
|
|
|
<primary sortas="e-etc-sudoers">/etc/sudoers</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
<sect3>
|
|
|
|
|
<title>Configuration Information</title>
|
|
|
|
|
|
|
|
|
|
<para>The <filename>sudoers</filename> file can be quite complicated. It
|
|
|
|
|
is composed of two types of entries: aliases (basically variables) and
|
|
|
|
|
user specifications (which specify who may run what). The installation
|
|
|
|
|
installs a default configuration that has no privileges installed for any
|
|
|
|
|
user.</para>
|
|
|
|
|
|
|
|
|
|
<para>One example usage is to allow the system administrator to execute
|
|
|
|
|
any program without typing a password each time root privileges are
|
|
|
|
|
needed. This can be configured as:</para>
|
2005-11-30 03:07:13 +08:00
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
<screen># User alias specification
|
|
|
|
|
User_Alias ADMIN = YourLoginId
|
|
|
|
|
|
|
|
|
|
# Allow people in group ADMIN to run all commands without a password
|
|
|
|
|
ADMIN ALL = NOPASSWD: ALL</screen>
|
|
|
|
|
|
|
|
|
|
<para>For details, see <command>man sudoers</command>.</para>
|
|
|
|
|
|
2005-12-22 11:32:33 +08:00
|
|
|
<note>
|
|
|
|
|
<para>The <application>Sudo</application> developers highly recommend
|
|
|
|
|
using the <command>visudo</command> program to edit the
|
|
|
|
|
<filename>sudoers</filename> file. This will provide basic sanity
|
|
|
|
|
checking like syntax parsing and file permission to avoid some possible
|
|
|
|
|
mistakes that could lead to a vulnerable configuration.</para>
|
|
|
|
|
</note>
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2 role="content">
|
|
|
|
|
<title>Contents</title>
|
|
|
|
|
|
|
|
|
|
<segmentedlist>
|
|
|
|
|
<segtitle>Installed Programs</segtitle>
|
|
|
|
|
<segtitle>Installed Library</segtitle>
|
|
|
|
|
<segtitle>Installed Directories</segtitle>
|
|
|
|
|
|
|
|
|
|
<seglistitem>
|
2005-12-22 11:32:33 +08:00
|
|
|
<seg>sudo, sudoedit, and visudo</seg>
|
2005-11-23 14:12:35 +08:00
|
|
|
<seg>sudo_noexec.so</seg>
|
|
|
|
|
<seg>None</seg>
|
|
|
|
|
</seglistitem>
|
|
|
|
|
</segmentedlist>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
|
|
|
<?dbfo list-presentation="list"?>
|
|
|
|
|
<?dbhtml list-presentation="table"?>
|
|
|
|
|
|
|
|
|
|
<varlistentry id="sudo_prog">
|
|
|
|
|
<term><command>sudo</command></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>executes a command as another user as permitted by
|
2005-12-08 18:22:17 +08:00
|
|
|
the <filename>/etc/sudoers</filename> configuration file.
|
2005-11-23 14:12:35 +08:00
|
|
|
</para>
|
|
|
|
|
<indexterm zone="sudo sudo">
|
|
|
|
|
<primary sortas="b-sudo">sudo</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry id="sudoedit">
|
|
|
|
|
<term><command>sudoedit</command></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>is a hard link to <command>sudo</command> that implies
|
2005-12-08 18:22:17 +08:00
|
|
|
the <option>-e</option> option to invoke an editor as another
|
|
|
|
|
user.</para>
|
2005-11-23 14:12:35 +08:00
|
|
|
<indexterm zone="sudo sudoedit">
|
|
|
|
|
<primary sortas="b-sudoedit">sudoedit</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2005-12-22 11:32:33 +08:00
|
|
|
<varlistentry id="visudo">
|
|
|
|
|
<term><command>visudo</command></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>allows for safer editing of the <filename>sudoers</filename>
|
|
|
|
|
file.</para>
|
|
|
|
|
<indexterm zone="sudo visudo">
|
|
|
|
|
<primary sortas="b-visudo">visudo</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
|
2005-11-23 14:12:35 +08:00
|
|
|
<varlistentry id="sudo_noexec">
|
|
|
|
|
<term><filename class='libraryfile'>sudo_noexec.so</filename></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>enables support for the "noexec" functionality which prevents
|
|
|
|
|
a dynamically-linked program being run by sudo from executing
|
|
|
|
|
another program (think shell escapes).</para>
|
|
|
|
|
<indexterm zone="sudo sudo_noexec">
|
|
|
|
|
<primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
|
|
|
|
|
</indexterm>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
</variablelist>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
</sect1>
|
