Contents
Short Descriptions
executes a command as another user as permitted by the
is a symlink to sudo that implies the
allows for safer editing of the
is used to play back or list the output logs created by sudo.
The Sudo package allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments.
This package is known to build and work properly using an LFS-7.5 platform.
Download (HTTP): http://www.sudo.ws/sudo/dist/sudo-1.8.9p5.tar.gz
Download (FTP): ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.9p5.tar.gz
Download MD5 sum: d3f1f1cfca6b2b06b048e1abb7d0227e
Download size: 2.1 MB
Estimated disk space required: 24 MB (additional 1 MB for tests)
Estimated build time: 0.4 SBU
AFS, FWTK, Linux-PAM-1.1.8, MIT Kerberos V5-1.12.1, an MTA (that provides a sendmail command), OpenLDAP-2.4.39, Opie and SecurID
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/sudo
Install Sudo by running the following commands:
./configure --prefix=/usr \
            --libexecdir=/usr/lib/sudo \
            --docdir=/usr/share/doc/sudo-1.8.9p5 \
            --with-timedir=/var/lib/sudo \
            --with-all-insults \
            --with-env-editor \
            --with-passprompt="[sudo] password for %p" &&
make
To test the results, issue: env LC_ALL=C make check.
Now, as the root user:
make install
--libexecdir=/usr/lib/sudo: This switch controls where private programs are installed. Everything in that directory is a library, so they belong under /usr/lib instead of /usr/libexec.
--with-timedir=/var/lib/sudo: This switch places the variable time stamp files in a FHS compatible location.
--with-all-insults: This switch includes all the sudo insult sets.
--with-env-editor: This switch enables use of the environment variable EDITOR for visudo.
--with-passprompt: This switch sets the prompt.
There are many options to sudo's configure command. Check the configure --help output for a complete list.
The sudoers file can be quite complicated. It is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The installation installs a default configuration that has no privileges installed for any user.
One example usage is to allow the system administrator to execute any program without typing a password each time root privileges are needed. This can be configured as:
# User alias specification
User_Alias  ADMIN = YourLoginId

# Allow people in group ADMIN to run all commands without a password
ADMIN       ALL = NOPASSWD: ALL
For details, see man sudoers.
The Sudo developers highly recommend using the visudo program to edit the sudoers file. This provides basic sanity checking, such as syntax parsing and file permission checks, to avoid some possible mistakes that could lead to a vulnerable configuration.
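visudo validates syntax and file permissions but does not judge policy, so a rule like the NOPASSWD example above passes its checks. The following is an added example (not part of these instructions or of the Sudo project): a shell function, hypothetically named audit_sudoers, that lists passwordless rules in sudoers text for review. The sample input is constructed, and the parser assumes one alias per User_Alias line and does not follow include directives.

```shell
#!/bin/sh
# Added example: flag passwordless sudo rules in sudoers text.
# Assumptions: one alias per User_Alias line; include directives are
# not followed, so included files must be audited separately.
audit_sudoers() {
    awk '
    # Join lines that end in a backslash continuation.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }   # comments, blanks
    line ~ /^[ \t]*User_Alias[ \t]/ {                 # remember members
        sub(/^[ \t]*User_Alias[ \t]+/, "", line)
        n = index(line, "=")
        name = substr(line, 1, n - 1); members = substr(line, n + 1)
        gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", members)
        alias[name] = members
        next
    }
    line ~ /^[ \t]*([A-Za-z]+_Alias|Defaults)/ { next }
    line ~ /NOPASSWD[ \t]*:/ {
        who = line; sub(/^[ \t]+/, "", who); sub(/[ \t].*$/, "", who)
        cmds = line; sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
        sub(/[ \t]+$/, "", cmds)
        # Compare whole list items so /usr/bin/ALLOW does not match ALL.
        list = "," cmds ","; gsub(/[ \t]/, "", list)
        sev = index(list, ",ALL,") ? "HIGH" : "REVIEW"
        if (who in alias) who = who "(" alias[who] ")"
        printf "%s line=%d who=%s cmds=%s\n", sev, NR, who, cmds
    }' "$@"
}

# Constructed sample input: the NOPASSWD example plus a narrower rule.
sample_sudoers() {
    cat <<'EOF'
# User alias specification
User_Alias ADMIN = YourLoginId
# Allow people in group ADMIN to run all commands without a password
ADMIN ALL = NOPASSWD: ALL
backup ALL = (root) NOPASSWD: /usr/bin/rsync
%wheel ALL = (ALL) ALL
EOF
}

sample_sudoers | audit_sudoers
```

Pass a file name instead of piping to audit a real file, for example audit_sudoers /etc/sudoers as root.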
If you've built Sudo with PAM support, issue the following command as the root user to create the PAM configuration file:
cat > /etc/pam.d/sudo << "EOF"
# Begin /etc/pam.d/sudo
# include the default auth settings
auth include system-auth
# include the default account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session defaults
session include system-session
# End /etc/pam.d/sudo
EOF
chmod 644 /etc/pam.d/sudo
Last updated on 2014-03-03 19:06:31 -0800