sudo

Jonathan Oksman jonathan.oksman at gmail.com
Sat Mar 17 14:49:00 PDT 2007


On 3/17/07, Randy McMurchy <randy at linuxfromscratch.org> wrote:
> I cannot see us ever "recommending" that PAM be installed. Instead,
> it would probably be best to mention that if you need to use passwords
> with SUDO, you're likely to need PAM installed.

I see where you're coming from Randy - PAM is no small undertaking for
a learning experience and should be optional to the user.  My concerns
are all null and void now anyway, since it turns out my problems all
came from a single mispelling in my sudoers.  Thanks Jeremy, your
confidence in sudo working properly is what made me give it one more
go.


> Why would we recommend PAM for SUDO when it works just fine without
> it?

I don't think you should, now that I know I was incorrect.  But it
would be nice to include that PAM is an optional component to sudo in
future versions.  I didn't have time to find out if configure's
--with-pam implies --disable-passwd, but I used both when I recompiled
for PAM and it is working flawlessly.

I would include my pam.d/sudo, but it's actually a copy of pam.d/su
since I configured sudo to mimick su as much as possible, but without
the sufficient rootok directive (it appears that sudo authenticates as
root no matter who calls it, unlike su, so it would always authorize
anyone).



More information about the blfs-dev mailing list