source: postlfs/security/sudo.xml@ 7ea6667

Last change on this file since 7ea6667 was 0aeb696, checked in by Randy McMurchy <randy@…>, 18 years ago

Added a comment to each file that may need a mention of a test suite added to it, this allows closing of bug #1697

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5951 af4574ff-66df-0310-9fd7-8a98e5e911e0

File size: 8.4 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!-- Inserted as a reminder to do this. The mention of a test suite
       is usually right before the root user installation commands. Please
       delete these 12 (including one blank) lines after you are done.-->

  <!-- Use one of the two mentions below about a test suite,
       delete the line that is not applicable. Of course, if the
       test suite uses syntax other than "make check", revise the
       line to reflect the actual syntax to run the test suite -->

  <!-- <para>This package does not come with a test suite.</para> -->
  <!-- <para>To test the results, issue: <command>make check</command>.</para> -->

  <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
  <!ENTITY sudo-download-ftp " ">
  <!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
  <!ENTITY sudo-size "576 KB">
  <!ENTITY sudo-buildsize "3.6 MB">
  <!ENTITY sudo-time "less than 0.1 SBU">
]>

<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
  <?dbhtml filename="sudo.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
    <keywordset>
      <keyword role="package">sudo-&sudo-version;.tar</keyword>
      <keyword role="ftpdir">sudo</keyword>
    </keywordset>
  </sect1info>

  <title>Sudo-&sudo-version;</title>

  <indexterm zone="sudo">
    <primary sortas="a-sudo">sudo</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Sudo</title>

    <para>The <application>sudo</application> package allows a system
    administrator to give certain users (or groups of users) the ability to run
    some (or all) commands as
    <systemitem class="username">root</systemitem> or another user while
    logging the commands and arguments.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &sudo-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &sudo-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &sudo-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &sudo-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing='compact'>
      <listitem>
        <para>Required patch: <ulink
        url="&patch-root;/sudo-&sudo-version;-envvar_fix-1.patch"/></para>
      </listitem>
    </itemizedlist>
<!--
    <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
-->

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/sudo"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Sudo</title>

    <para>Install <application>sudo</application> by running
    the following commands:</para>

<screen><userinput>patch -Np1 -i ../sudo-&sudo-version;-envvar_fix-1.patch &amp;&amp;
./configure --prefix=/usr --libexecdir=/usr/lib \
    --enable-noargs-shell --with-ignore-dot --with-all-insults \
    --enable-shell-sets-home &amp;&amp;
make</userinput></screen>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><option>--enable-noargs-shell</option>: This switch allows
    <application>sudo</application> to run a shell if invoked with no
    arguments.</para>

    <para><option>--with-ignore-dot</option>: This switch causes
    <application>sudo</application> to ignore '.' in the PATH.</para>

    <para><option>--with-all-insults</option>: This switch includes all the
    <application>sudo</application> insult sets.</para>

    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
    the target user in shell mode.</para>

    <note>
      <para>There are many options to <application>sudo</application>'s
      <command>configure</command> command. Check the
      <command>configure --help</command> output for a complete list.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Sudo</title>

    <sect3 id="sudo-config">
      <title>Config File</title>

      <para><filename>/etc/sudoers</filename></para>

      <indexterm zone="sudo sudo-config">
        <primary sortas="e-etc-sudoers">/etc/sudoers</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>The <filename>sudoers</filename> file can be quite complicated. It
      is composed of two types of entries: aliases (basically variables) and
      user specifications (which specify who may run what). The installation
      provides a default configuration that grants no privileges to any
      user.</para>

      <para>One example usage is to allow the system administrator to execute
      any program without typing a password each time root privileges are
      needed. This can be configured as:</para>

<screen># User alias specification
User_Alias ADMIN = YourLoginId

# Allow users in the ADMIN alias to run all commands without a password
ADMIN ALL = NOPASSWD: ALL</screen>

      <para>For details, see <command>man sudoers</command>.</para>

      <note>
        <para>The <application>Sudo</application> developers highly recommend
        using the <command>visudo</command> program to edit the
        <filename>sudoers</filename> file. This provides basic sanity
        checks, such as syntax parsing and file permission checks, to avoid
        mistakes that could lead to a vulnerable configuration.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Library</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>sudo, sudoedit, and visudo</seg>
        <seg>sudo_noexec.so</seg>
        <seg>None</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="sudo_prog">
        <term><command>sudo</command></term>
        <listitem>
          <para>executes a command as another user as permitted by
          the <filename>/etc/sudoers</filename> configuration file.
          </para>
          <indexterm zone="sudo sudo">
            <primary sortas="b-sudo">sudo</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudoedit">
        <term><command>sudoedit</command></term>
        <listitem>
          <para>is a hard link to <command>sudo</command> that implies
          the <option>-e</option> option to invoke an editor as another
          user.</para>
          <indexterm zone="sudo sudoedit">
            <primary sortas="b-sudoedit">sudoedit</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="visudo">
        <term><command>visudo</command></term>
        <listitem>
          <para>allows for safer editing of the <filename>sudoers</filename>
          file.</para>
          <indexterm zone="sudo visudo">
            <primary sortas="b-visudo">visudo</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudo_noexec">
        <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
        <listitem>
          <para>enables support for the "noexec" functionality which prevents
          a dynamically-linked program being run by sudo from executing
          another program (think shell escapes).</para>
          <indexterm zone="sudo sudo_noexec">
            <primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
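
The `NOPASSWD: ALL` rule in the Configuration Information section gives every member of the alias passwordless root, so it is worth being able to list who holds such a grant. The audit below is an added example, not part of the BLFS book source or of sudo itself; it handles a simplified subset of the sudoers grammar, and the `backup_op` and `webadm` entries in its sample are constructed for illustration.

```python
import re

# Constructed sample: the page's example plus a narrower, hypothetical rule.
SAMPLE = """\
# User alias specification
User_Alias ADMIN = YourLoginId, backup_op

# Allow users in the ADMIN alias to run all commands without a password
ADMIN ALL = NOPASSWD: ALL

# Hypothetical scoped rule: one command, password still required
webadm ALL = (root) /usr/sbin/apachectl \\
                    graceful
"""

ALIAS_RE = re.compile(r"^User_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.+)$")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        # Simplification: '#include' and '#uid' forms are treated as comments.
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def passwordless_root(text):
    """Return the sorted users/groups allowed to run ALL commands with NOPASSWD."""
    aliases, hits = {}, set()
    for line in logical_lines(text):
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [u.strip() for u in m.group(2).split(",")]
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        who, _host, rhs = m.groups()
        rhs = re.sub(r"^\([^)]*\)\s*", "", rhs)      # drop a leading Runas spec
        tags = re.findall(r"(\w+):", rhs)            # e.g. NOPASSWD, NOEXEC
        cmnds = [c.strip() for c in re.sub(r"\w+:\s*", "", rhs).split(",")]
        if "NOPASSWD" in tags and "ALL" in cmnds:
            hits.update(aliases.get(who, [who]))     # expand User_Alias members
    return sorted(hits)

if __name__ == "__main__":
    print(passwordless_root(SAMPLE))
```

Run it against a copy of `/etc/sudoers` by passing the file's text to `passwordless_root()`; an empty list means no rule in the supported subset grants passwordless access to all commands.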