Sudo-1.6.9p15
Installation of Sudo
Install sudo by running the following commands:
./configure --prefix=/usr --libexecdir=/usr/lib \
--with-ignore-dot --with-all-insults \
--enable-shell-sets-home --disable-root-sudo \
--with-logfac=auth --without-pam --without-sendmail &&
make
This package does not come with a test suite.
Now, as the root user:
make install
Command Explanations
--with-ignore-dot: This switch causes sudo to ignore '.' in the PATH.
--with-all-insults: This switch includes all the sudo insult sets.
--enable-shell-sets-home: This switch sets HOME to the target user in shell mode.
--disable-root-sudo: This switch keeps the root user from running sudo, preventing users from chaining commands to get a root shell.
--with-logfac=auth: This switch forces use of the auth facility for logging.
--without-pam: This switch disables the use of PAM authentication. Omit if you have PAM installed.
--without-sendmail: This switch disables the use of sendmail. Remove if you have a sendmail compatible MTA.
--enable-noargs-shell: This switch allows sudo to run a shell if invoked with no arguments.
Note
There are many options to sudo's configure command. Check the configure --help output for a complete list.
Configuring Sudo
Configuration Information
The sudoers file can be quite complicated. It is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The installation installs a default configuration that has no privileges installed for any user.
One example usage is to allow the system administrator to execute
any program without typing a password each time root privileges
are needed. This can be configured as:
# User alias specification
User_Alias ADMIN = YourLoginId
# Allow users in the ADMIN alias to run all commands without a password
ADMIN ALL = NOPASSWD: ALL
For details, see man sudoers.
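To review a sudoers file for rules like the one above, the following shell function lists every user specification whose NOPASSWD tag reaches the ALL command, including across continuation lines and after a Runas list. It is an added example, not part of the original page or of Sudo; the sample entries are constructed, and the scan is a heuristic that does not resolve Cmnd_Alias contents or split multi-host rules.

```sh
#!/bin/sh
# Added example: flag sudoers rules that allow ALL commands without a password.

# Constructed sample input; every name except ADMIN/YourLoginId is hypothetical.
sample_sudoers() {
cat <<'EOF'
# User alias specification
User_Alias ADMIN = YourLoginId
Cmnd_Alias POWER = /sbin/shutdown, /sbin/reboot
ADMIN ALL = NOPASSWD: ALL
operator ALL = NOPASSWD: POWER
backup ALL = (root, operator) NOPASSWD: /usr/bin/rsync, \
    ALL
audit ALL = NOPASSWD: /usr/bin/last, PASSWD: ALL
%wheel ALL = (ALL) ALL
EOF
}

# Reads sudoers text on stdin and prints "line N: <rule>" for every user
# specification in which the ALL command is covered by a NOPASSWD tag.
find_nopasswd_all() {
  awk '
    !inrule { first = NR; inrule = 1 }
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
    {
      rule = buf $0; buf = ""; inrule = 0
      if (rule ~ /^[ \t]*#/ && rule !~ /^[ \t]*#[0-9]/) next   # comment, not #uid
      if (rule ~ /^[ \t]*((User|Runas|Host|Cmnd)_Alias|Defaults)/) next
      eq = index(rule, "="); if (eq == 0) next
      cmds = substr(rule, eq + 1)
      gsub(/\([^)]*\)/, "", cmds)                  # drop Runas lists
      n = split(cmds, item, ","); nopass = 0
      for (i = 1; i <= n; i++) {
        c = item[i]; gsub(/[ \t]/, "", c)
        # A tag stays in force for later commands until the opposite tag.
        while (match(c, /^[A-Z]+:/)) {
          if (substr(c, 1, RLENGTH) == "NOPASSWD:") nopass = 1
          if (substr(c, 1, RLENGTH) == "PASSWD:") nopass = 0
          c = substr(c, RLENGTH + 1)
        }
        if (c == "ALL" && nopass) {
          gsub(/[ \t]+/, " ", rule); print "line " first ": " rule; break
        }
      }
    }'
}

sample_sudoers | find_nopasswd_all
```

To scan a real file, run find_nopasswd_all < /etc/sudoers as root.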
Note
The Sudo developers highly recommend using the visudo program to edit the sudoers file. This provides basic sanity checking, such as syntax parsing and file permission checks, to avoid some possible mistakes that could lead to a vulnerable configuration.
If you've built Sudo with PAM support, issue the following command as the root user to create the PAM configuration file:
sed -e 's@/su@/sudo@' -e '/pam_rootok/d' \
/etc/pam.d/su > /etc/pam.d/sudo
Contents
Installed Programs: sudo, sudoedit, and visudo
Installed Library: sudo_noexec.so
Installed Directories: None
Short Descriptions
sudo: executes a command as another user as permitted by the /etc/sudoers configuration file.
sudoedit: is a hard link to sudo that implies the -e option to invoke an editor as another user.
visudo: allows for safer editing of the sudoers file.
sudo_noexec.so: enables support for the "noexec" functionality which prevents a dynamically-linked program being run by sudo from executing another program (think shell escapes).
Last updated on 2008-08-17 11:30:32 -0500