source: postlfs/security/sudo.xml@ 74169a7c

Last change on this file since 74169a7c was 74169a7c, checked in by Bruce Dubbs <bdubbs@…>, 18 years ago

Added security update and a switch to sudo

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5299 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 6.9 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
  <!ENTITY sudo-download-ftp " ">
  <!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
  <!ENTITY sudo-size "576 KB">
  <!ENTITY sudo-buildsize "3.6 MB">
  <!ENTITY sudo-time "less than 0.1 SBU">
]>

<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
  <?dbhtml filename="sudo.html"?>

  <sect1info>
    <othername>$LastChangedBy: $</othername>
    <date>$Date: $</date>
  </sect1info>

  <title>Sudo-&sudo-version;</title>

  <indexterm zone="sudo">
    <primary sortas="a-sudo">sudo</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Sudo</title>

    <para>The <application>sudo</application> package allows a system
    administrator to give certain users (or groups of users) the ability to run
    some (or all) commands as root or another user while logging the commands
    and arguments.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &sudo-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &sudo-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &sudo-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &sudo-time;</para>
      </listitem>
    </itemizedlist>

<!--
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing='compact'>
      <listitem>
        <para>Required patch: <ulink
        url="&patch-root;/sudo-&sudo-version;-xxxx-1.patch"/></para>
      </listitem>
    </itemizedlist>
    <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>


-->
  </sect2>

  <sect2 role="installation">
    <title>Installation of Sudo</title>

    <para>Install <application>sudo</application> by running
    the following commands:</para>

<screen><userinput>sed -i -e 's/CDPATH",/&amp;\n "SHELLOPTS",\n "PS4",/' env.c
./configure --prefix=/usr --libexecdir=/usr/lib \
    --enable-noargs-shell --with-ignore-dot --with-all-insults \
    --enable-shell-sets-home &amp;&amp;
make</userinput></screen>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><command>sed -i -e 's/CDPATH",/&amp;\n "SHELLOPTS",\n "PS4",/'
    env.c</command>: This command adds two environment variables,
    <envar>SHELLOPTS</envar> and <envar>PS4</envar>, to the list of
    variables that are excluded from the target environment. It solves a
    security problem.</para>

    <para><option>--enable-noargs-shell</option>: This switch allows
    <application>sudo</application> to run a shell if invoked with no
    arguments.</para>

    <para><option>--with-ignore-dot</option>: This switch causes
    <application>sudo</application> to ignore '.' in the PATH.</para>

    <para><option>--with-all-insults</option>: This switch includes all the
    <application>sudo</application> insult sets.</para>

    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
    the target user's home directory in shell mode.</para>

    <note><para>There are many options to <application>sudo</application>'s
    configure command. Check the <command>configure --help</command> output
    for a complete list.</para></note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Sudo</title>

    <sect3 id="sudo-config">
      <title>Config File</title>

      <para><filename>/etc/sudoers</filename></para>

      <indexterm zone="sudo sudo-config">
        <primary sortas="e-etc-sudoers">/etc/sudoers</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>The <filename>sudoers</filename> file can be quite complicated. It
      is composed of two types of entries: aliases (basically variables) and
      user specifications (which specify who may run what). The installation
      installs a default configuration that grants no privileges to any
      user.</para>

      <para>One example usage is to allow the system administrator to execute
      any program without typing a password each time root privileges are
      needed. This can be configured as:</para>

<screen># User alias specification
User_Alias ADMIN = YourLoginId

# Allow users in the ADMIN alias to run all commands without a password
ADMIN ALL = NOPASSWD: ALL</screen>

      <para>For details, see <command>man sudoers</command>.</para>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Library</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>sudo and sudoedit</seg>
        <seg>sudo_noexec.so</seg>
        <seg>None</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="sudo_prog">
        <term><command>sudo</command></term>
        <listitem>
          <para>executes a command as another user as permitted by
          the <filename>/etc/sudoers</filename> configuration file.
          </para>
          <indexterm zone="sudo sudo">
            <primary sortas="b-sudo">sudo</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudoedit">
        <term><command>sudoedit</command></term>
        <listitem>
          <para>is a hard link to <command>sudo</command> that implies
          the -e option to invoke an editor as another user.</para>
          <indexterm zone="sudo sudoedit">
            <primary sortas="b-sudoedit">sudoedit</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudo_noexec">
        <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
        <listitem>
          <para>enables support for the "noexec" functionality which prevents
          a dynamically-linked program being run by sudo from executing
          another program (think shell escapes).</para>
          <indexterm zone="sudo sudo_noexec">
            <primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
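The sed edit to env.c described under "Command Explanations" exits successfully even when its pattern matches nothing, so a build step should confirm that both names really landed in the list. The following is an added example, not part of the BLFS book or of sudo; the function names, the C fragments and the indentation inside the sed replacement are constructed for illustration, and GNU sed is assumed.

```sh
# Added example; file names and C fragments are constructed, not sudo source.

# The page's substitution. GNU sed -i exits 0 even when nothing matched.
patch_env_list() {
    sed -i -e 's/CDPATH",/&\n    "SHELLOPTS",\n    "PS4",/' "$1"
}

# True only if both names appear as quoted list entries in FILE.
env_list_patched() {
    grep -q '"SHELLOPTS",' "$1" && grep -q '"PS4",' "$1"
}

# Patch once (skip if already patched), then verify. Returns 0 when FILE is
# patched, 1 when the sed changed nothing, 2 when sed itself failed.
patch_and_verify() {
    env_list_patched "$1" && return 0
    patch_env_list "$1" || return 2
    env_list_patched "$1" || return 1
}

# Constructed inputs: one list in the layout the sed expects, and one
# without a CDPATH entry for the pattern to anchor on.
write_samples() {
    cat > "$1/env_ok.c" <<'EOF'
static const char *sample_badenv[] = {
    "IFS",
    "CDPATH",
    "LOCALDOMAIN",
    NULL
};
EOF
    cat > "$1/env_changed.c" <<'EOF'
static const char *sample_badenv[] = { "IFS", "LOCALDOMAIN", NULL };
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
for f in env_ok.c env_changed.c; do
    if patch_and_verify "$demo/$f"; then echo "$f: patched"
    else echo "$f: NOT patched, stop the build"; fi
done
rm -rf "$demo"
```
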
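The `NOPASSWD: ALL` entry shown under "Configuration Information" is the broadest grant a sudoers file can make, so it helps to be able to list exactly which accounts hold it once aliases are expanded. The following is an added example, not part of the BLFS book or of sudo; the function names and the sample file are constructed, and the parser is deliberately simplified (includes are not followed, one alias per User_Alias line).

```sh
# Added example; function names and the sample file are constructed.
# Simplifications: #include is not followed, one alias per User_Alias line.
# Print "principal<TAB>alias-or-dash" for each user specification in FILE
# that grants NOPASSWD on the command ALL. User_Alias names are expanded.
nopasswd_all() {
    awk '
    { sub(/#.*/, "") }                              # strip comments
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continued lines
    { line = buf $0; buf = "" }
    line ~ /^[ \t]*User_Alias[ \t]/ {
        sub(/^[ \t]*User_Alias[ \t]+/, "", line)
        split(line, kv, "=")
        gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
        alias[kv[1]] = kv[2]; next
    }
    line ~ /^[ \t]*(Defaults|Host_Alias|Cmnd_Alias|Runas_Alias)/ { next }
    {
        eq = index(line, "="); n = index(line, "NOPASSWD:")
        if (eq == 0 || n < eq) next
        split(line, lhs, " ")                       # lhs[1] is the user field
        cnt = split(substr(line, n + 9), cmd, ",")
        for (i = 1; i <= cnt; i++) {
            c = cmd[i]; gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c ~ /^PASSWD:/) break               # tag switched back
            sub(/^([A-Z_]+:[ \t]*)+/, "", c)        # drop other tags
            if (c == "ALL") { hit[++h] = lhs[1]; break }
        }
    }
    END { for (i = 1; i <= h; i++) {
        k = split((hit[i] in alias) ? alias[hit[i]] : hit[i], m, ",")
        for (j = 1; j <= k; j++) print m[j] "\t" ((hit[i] in alias) ? hit[i] : "-")
    } }' "$1"
}

# Constructed sample: the page's ADMIN entry plus three more entries.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
User_Alias ADMIN = YourLoginId, alice   # alias with two members
ADMIN ALL = NOPASSWD: ALL
%wheel ALL = (ALL) ALL
backup ALL = NOPASSWD: /usr/bin/rsync
deploy ALL = (root) NOPASSWD: /bin/systemctl restart app, \
    ALL
EOF
}

sample=$(mktemp); write_sample_sudoers "$sample"
nopasswd_all "$sample"; rm -f "$sample"
```

On the sample it reports YourLoginId and alice (through ADMIN) and deploy, and leaves out %wheel and backup, whose entries either require a password or name a single command.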