linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-01 21:12:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
59ebf930d2
glfs/postlfs/security/sudo.xml
Randy McMurchy 6732c09460 Updated all the XML files (and the one stylesheet) to use the 4.5 version of DocBook XML DTD 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6716 af4574ff-66df-0310-9fd7-8a98e5e911e0
2007-04-04 19:42:53 +00:00

252 lines
8.3 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!-- Inserted as a reminder to do this. The mention of a test suite
is usually right before the root user installation commands. Please
delete these 12 (including one blank) lines after you are done.-->
<!-- Use one of the two mentions below about a test suite,
delete the line that is not applicable. Of course, if the
test suite uses syntax other than "make check", revise the
line to reflect the actual syntax to run the test suite -->
<!-- <para>This package does not come with a test suite.</para> -->
<!-- <para>To test the results, issue: <command>make check</command>.</para> -->
<!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
<!ENTITY sudo-download-ftp " ">
<!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
<!ENTITY sudo-size "576 KB">
<!ENTITY sudo-buildsize "3.6 MB">
<!ENTITY sudo-time "less than 0.1 SBU">
]>
<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
<?dbhtml filename="sudo.html"?>
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<title>Sudo-&sudo-version;</title>
<indexterm zone="sudo">
<primary sortas="a-sudo">sudo</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Sudo</title>
<para>The <application>sudo</application> package allows a system
administrator to give certain users (or groups of users) the ability to run
some (or all) commands as
<systemitem class="username">root</systemitem> or another user while
logging the commands and arguments.</para>
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
</listitem>
<listitem>
<para>Download MD5 sum: &sudo-md5sum;</para>
</listitem>
<listitem>
<para>Download size: &sudo-size;</para>
</listitem>
<listitem>
<para>Estimated disk space required: &sudo-buildsize;</para>
</listitem>
<listitem>
<para>Estimated build time: &sudo-time;</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
<para>Required patch: <ulink
url="&patch-root;/sudo-&sudo-version;-envvar_fix-1.patch"/></para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
-->
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/sudo"/></para>
</sect2>
<sect2 role="installation">
<title>Installation of Sudo</title>
<para>Install <application>sudo</application> by running
the following commands:</para>
<screen><userinput>patch -Np1 -i ../sudo-&sudo-version;-envvar_fix-1.patch &amp;&amp;
./configure --prefix=/usr --libexecdir=/usr/lib \
--enable-noargs-shell --with-ignore-dot --with-all-insults \
--enable-shell-sets-home &amp;&amp;
make</userinput></screen>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para><option>--enable-noargs-shell</option>: This switch allows
<application>sudo</application> to run a shell if invoked with no
arguments.</para>
<para><option>--with-ignore-dot</option>: This switch causes
<application>sudo</application> to ignore '.' in the PATH.</para>
<para><option>--with-all-insults</option>: This switch includes all the
<application>sudo</application> insult sets.</para>
<para><option>--enable-shell-sets-home</option>: This switch sets HOME to
the target user in shell mode.</para>
<note>
<para>There are many options to <application>sudo</application>'s
<command>configure</command> command. Check the
<command>configure --help</command> output for a complete list.</para>
</note>
</sect2>
<sect2 role="configuration">
<title>Configuring Sudo</title>
<sect3 id="sudo-config">
<title>Config File</title>
<para><filename>/etc/sudoers</filename></para>
<indexterm zone="sudo sudo-config">
<primary sortas="e-etc-sudoers">/etc/sudoers</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>The <filename>sudoers</filename> file can be quite complicated. It
is composed of two types of entries: aliases (basically variables) and
user specifications (which specify who may run what). The installation
installs a default configuration that has no privileges installed for any
user.</para>
<para>One example usage is to allow the system administrator to execute
any program without typing a password each time root privileges are
needed. This can be configured as:</para>
<screen># User alias specification
User_Alias ADMIN = YourLoginId
# Allow people in group ADMIN to run all commands without a password
ADMIN ALL = NOPASSWD: ALL</screen>
<para>For details, see <command>man sudoers</command>.</para>
<note>
<para>The <application>Sudo</application> developers highly recommend
using the <command>visudo</command> program to edit the
<filename>sudoers</filename> file. This will provide basic sanity
checking like syntax parsing and file permission to avoid some possible
mistakes that could lead to a vulnerable configuration.</para>
</note>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>sudo, sudoedit, and visudo</seg>
<seg>sudo_noexec.so</seg>
<seg>None</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="sudo_prog">
<term><command>sudo</command></term>
<listitem>
<para>executes a command as another user as permitted by
the <filename>/etc/sudoers</filename> configuration file.
</para>
<indexterm zone="sudo sudo">
<primary sortas="b-sudo">sudo</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="sudoedit">
<term><command>sudoedit</command></term>
<listitem>
<para>is a hard link to <command>sudo</command> that implies
the <option>-e</option> option to invoke an editor as another
user.</para>
<indexterm zone="sudo sudoedit">
<primary sortas="b-sudoedit">sudoedit</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="visudo">
<term><command>visudo</command></term>
<listitem>
<para>allows for safer editing of the <filename>sudoers</filename>
file.</para>
<indexterm zone="sudo visudo">
<primary sortas="b-visudo">visudo</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="sudo_noexec">
<term><filename class='libraryfile'>sudo_noexec.so</filename></term>
<listitem>
<para>enables support for the "noexec" functionality which prevents
a dynamically-linked program being run by sudo from executing
another program (think shell escapes).</para>
<indexterm zone="sudo sudo_noexec">
<primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink