r5298 - in trunk/BOOK: . introduction/welcome postlfs/security

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Tue Nov 22 22:12:38 PST 2005


Author: bdubbs
Date: 2005-11-22 23:12:35 -0700 (Tue, 22 Nov 2005)
New Revision: 5298

Added:
   trunk/BOOK/postlfs/security/sudo.xml
Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/introduction/welcome/credits.xml
   trunk/BOOK/postlfs/security/security.xml
Log:
Added sudo-1.6.8p12

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-11-22 19:34:08 UTC (rev 5297)
+++ trunk/BOOK/general.ent	2005-11-23 06:12:35 UTC (rev 5298)
@@ -45,6 +45,7 @@
 <!ENTITY mitkrb-version               "1.4.1">
 <!ENTITY cyrus-sasl-version           "2.1.21">
 <!ENTITY stunnel-version              "4.11">
+<!ENTITY sudo-version                 "1.6.8p12">
 
 <!-- Chapter 5 -->
 <!ENTITY reiser-version               "3.6.19">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-11-22 19:34:08 UTC (rev 5297)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-11-23 06:12:35 UTC (rev 5298)
@@ -45,6 +45,9 @@
       <para>November 22nd, 2005</para>
       <itemizedlist>
         <listitem>
+          <para>[bdubbs] - Added sudo-1.6.8p12.</para>
+        </listitem>
+        <listitem>
           <para>[randy] - Updated to HTML Tidy-051026. Also updated the docs to
           051020 and changed the documentation directory to a versioned
           name.</para>

Modified: trunk/BOOK/introduction/welcome/credits.xml
===================================================================
--- trunk/BOOK/introduction/welcome/credits.xml	2005-11-22 19:34:08 UTC (rev 5297)
+++ trunk/BOOK/introduction/welcome/credits.xml	2005-11-23 06:12:35 UTC (rev 5298)
@@ -231,6 +231,11 @@
       </listitem>
 
       <listitem>
+        <para>sudo:
+        <emphasis>Bruce Dubbs</emphasis></para>
+      </listitem>
+      
+      <listitem>
         <para>Screen:
         <emphasis>Andreas Pedersen</emphasis></para>
       </listitem>

Modified: trunk/BOOK/postlfs/security/security.xml
===================================================================
--- trunk/BOOK/postlfs/security/security.xml	2005-11-22 19:34:08 UTC (rev 5297)
+++ trunk/BOOK/postlfs/security/security.xml	2005-11-23 06:12:35 UTC (rev 5298)
@@ -44,5 +44,6 @@
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="sudo.xml"/>
 
 </chapter>

Added: trunk/BOOK/postlfs/security/sudo.xml
===================================================================
--- trunk/BOOK/postlfs/security/sudo.xml	2005-11-22 19:34:08 UTC (rev 5297)
+++ trunk/BOOK/postlfs/security/sudo.xml	2005-11-23 06:12:35 UTC (rev 5298)
@@ -0,0 +1,207 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+
+  <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
+  <!ENTITY sudo-download-ftp " ">
+  <!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
+  <!ENTITY sudo-size "576 KB">
+  <!ENTITY sudo-buildsize "3.6 MB">
+  <!ENTITY sudo-time "less than 0.1 SBU">
+]>
+
+<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
+  <?dbhtml filename="sudo.html"?>
+
+  <sect1info>
+    <othername>$LastChangedBy: $</othername>
+    <date>$Date: $</date>
+  </sect1info>
+
+  <title>Sudo-&sudo-version;</title>
+
+  <indexterm zone="sudo">
+    <primary sortas="a-sudo">sudo</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title>Introduction to Sudo</title>
+
+    <para>The <application>sudo</application> package allows a system
+    administrator to give certain users (or groups of users) the ability to run
+    some (or all) commands as root or another user while logging the commands
+    and arguments.</para>
+
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &sudo-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &sudo-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &sudo-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &sudo-time;</para>
+      </listitem>
+    </itemizedlist>
+
+<!--
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing='compact'>
+      <listitem>
+        <para>Required patch: <ulink
+        url="&patch-root;/sudo-&sudo-version;-xxxx-1.patch"/></para>
+      </listitem>
+    </itemizedlist>
+    <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
+
+    <bridgehead renderas="sect4">Optional</bridgehead>
+  
+ 
+-->
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of Sudo</title>
+
+    <para>Install <application>sudo</application> by running
+    the following commands:</para>
+
+<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
+    --enable-noargs-shell --with-ignore-dot --with-all-insults &&
+make</userinput></screen>
+
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>make install</userinput></screen>
+
+  </sect2>
+
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+
+    <para><option>--enable-noargs-shell</option>: This switch allows sudo to
+    run a shell if involked with no arguments.</para>
+
+    <para><option>--with-ignore-dot</option>: This switch causes
+    <application>sudo</application> to ignore '.' in the PATH.</para>
+
+    <para><option>--with-all-insults</option>: This switch includes all the
+    sudo insult sets.</para>
+
+    <note><para>There are many options to <application>sudo</application>'s
+    configure command.  Check the <command>configure --help</command>  output
+    for a complete list.</para></note>
+
+  </sect2>
+
+  <sect2 role="configuration">
+    <title>Configuring Sudo</title>
+
+    <sect3 id="sudo-config">
+      <title>Config File</title>
+
+      <para><filename>/etc/sudoers</filename></para>
+
+      <indexterm zone="sudo sudo-config">
+        <primary sortas="e-etc-sudoers">/etc/sudoers</primary>
+      </indexterm>
+
+    </sect3>
+
+    <sect3>
+      <title>Configuration Information</title>
+
+      <para>The <filename>sudoers</filename> file can be quite complicated.  It
+      is composed of two types of entries: aliases (basically variables) and
+      user specifications (which specify who may run what).  The installation
+      installs a default configuration that has no privileges installed for any
+      user.</para>
+
+      <para>One example usage is to allow the system administrator to execute
+      any program without typing a password each time root privileges are
+      needed.  This can be configured as:</para>
+      
+      <screen># User alias specification
+User_Alias  ADMIN = YourLoginId
+
+# Allow people in group ADMIN to run all commands without a password
+ADMIN       ALL = NOPASSWD: ALL</screen>
+
+      <para>For details, see <command>man sudoers</command>.</para>
+
+    </sect3>
+
+  </sect2>
+
+  <sect2 role="content">
+    <title>Contents</title>
+
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Library</segtitle>
+      <segtitle>Installed Directories</segtitle>
+
+      <seglistitem>
+        <seg>sudo and sudoedit</seg>
+        <seg>sudo_noexec.so</seg>
+        <seg>None</seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+
+      <varlistentry id="sudo_prog">
+        <term><command>sudo</command></term>
+        <listitem>
+          <para>executes a command as another user as permitted by
+          the <filename>/etc/sudoers</filename> confiuration file.
+          </para>
+          <indexterm zone="sudo sudo">
+            <primary sortas="b-sudo">sudo</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="sudoedit">
+        <term><command>sudoedit</command></term>
+        <listitem>
+          <para>is a hard link to <command>sudo</command> that implies
+          the -e option to invoke an editor as another user.</para>
+          <indexterm zone="sudo sudoedit">
+            <primary sortas="b-sudoedit">sudoedit</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="sudo_noexec">
+        <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
+        <listitem>
+          <para>enables support for the "noexec" functionality which prevents
+           a dynamically-linked program being run by sudo from executing
+           another program (think shell escapes).</para>
+          <indexterm zone="sudo sudo_noexec">
+            <primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </sect2>
+
+</sect1>




More information about the blfs-book mailing list