source: postlfs/security/sudo.xml@ 9f12e36

Last change on this file since 9f12e36 was 9f12e36, checked in by Randy McMurchy <randy@…>, 18 years ago

Removed 'keywordset' blocks and extra spaces from the XML files (note this was by accident as I meant to do just in the gnome directory but I was in the root of BOOK when I ran the script, but this was going to happen anyway so I don't think it is a big deal)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6192 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 8.3 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!-- Inserted as a reminder to do this. The mention of a test suite
       is usually right before the root user installation commands. Please
       delete these 12 (including one blank) lines after you are done.-->

  <!-- Use one of the two mentions below about a test suite,
       delete the line that is not applicable. Of course, if the
       test suite uses syntax other than "make check", revise the
       line to reflect the actual syntax to run the test suite -->

  <!-- <para>This package does not come with a test suite.</para> -->
  <!-- <para>To test the results, issue: <command>make check</command>.</para> -->

  <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
  <!ENTITY sudo-download-ftp " ">
  <!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
  <!ENTITY sudo-size "576 KB">
  <!ENTITY sudo-buildsize "3.6 MB">
  <!ENTITY sudo-time "less than 0.1 SBU">
]>

<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
  <?dbhtml filename="sudo.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Sudo-&sudo-version;</title>

  <indexterm zone="sudo">
    <primary sortas="a-sudo">sudo</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Sudo</title>

    <para>The <application>sudo</application> package allows a system
    administrator to give certain users (or groups of users) the ability to run
    some (or all) commands as
    <systemitem class="username">root</systemitem> or another user while
    logging the commands and arguments.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &sudo-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &sudo-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &sudo-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &sudo-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing='compact'>
      <listitem>
        <para>Required patch: <ulink
        url="&patch-root;/sudo-&sudo-version;-envvar_fix-1.patch"/></para>
      </listitem>
    </itemizedlist>
<!--
    <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
-->

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/sudo"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Sudo</title>

    <para>Install <application>sudo</application> by running
    the following commands:</para>

<screen><userinput>patch -Np1 -i ../sudo-&sudo-version;-envvar_fix-1.patch &amp;&amp;
./configure --prefix=/usr --libexecdir=/usr/lib \
    --enable-noargs-shell --with-ignore-dot --with-all-insults \
    --enable-shell-sets-home &amp;&amp;
make</userinput></screen>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><option>--enable-noargs-shell</option>: This switch allows
    <application>sudo</application> to run a shell if invoked with no
    arguments.</para>

    <para><option>--with-ignore-dot</option>: This switch causes
    <application>sudo</application> to ignore '.' in the PATH.</para>

    <para><option>--with-all-insults</option>: This switch includes all the
    <application>sudo</application> insult sets.</para>

    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
    the target user in shell mode.</para>

    <note>
      <para>There are many options to <application>sudo</application>'s
      <command>configure</command> command. Check the
      <command>configure --help</command> output for a complete list.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Sudo</title>

    <sect3 id="sudo-config">
      <title>Config File</title>

      <para><filename>/etc/sudoers</filename></para>

      <indexterm zone="sudo sudo-config">
        <primary sortas="e-etc-sudoers">/etc/sudoers</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>The <filename>sudoers</filename> file can be quite complicated. It
      is composed of two types of entries: aliases (basically variables) and
      user specifications (which specify who may run what). The installation
      provides a default configuration that grants no privileges to any
      user.</para>

      <para>One example usage is to allow the system administrator to execute
      any program without typing a password each time root privileges are
      needed. This can be configured as:</para>

      <screen># User alias specification
User_Alias ADMIN = YourLoginId

# Allow users in the ADMIN alias to run all commands without a password
ADMIN ALL = NOPASSWD: ALL</screen>

      <para>For details, see <command>man sudoers</command>.</para>

      <note>
        <para>The <application>Sudo</application> developers highly recommend
        using the <command>visudo</command> program to edit the
        <filename>sudoers</filename> file. This provides basic sanity
        checking, such as syntax parsing and file permission checks, to avoid
        mistakes that could lead to a vulnerable configuration.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Library</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>sudo, sudoedit, and visudo</seg>
        <seg>sudo_noexec.so</seg>
        <seg>None</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="sudo_prog">
        <term><command>sudo</command></term>
        <listitem>
          <para>executes a command as another user as permitted by
          the <filename>/etc/sudoers</filename> configuration file.
          </para>
          <indexterm zone="sudo sudo">
            <primary sortas="b-sudo">sudo</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudoedit">
        <term><command>sudoedit</command></term>
        <listitem>
          <para>is a hard link to <command>sudo</command> that implies
          the <option>-e</option> option to invoke an editor as another
          user.</para>
          <indexterm zone="sudo sudoedit">
            <primary sortas="b-sudoedit">sudoedit</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="visudo">
        <term><command>visudo</command></term>
        <listitem>
          <para>allows for safer editing of the <filename>sudoers</filename>
          file.</para>
          <indexterm zone="sudo visudo">
            <primary sortas="b-visudo">visudo</primary>
          </indexterm>
        </listitem>
      </varlistentry>


      <varlistentry id="sudo_noexec">
        <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
        <listitem>
          <para>enables support for the "noexec" functionality which prevents
          a dynamically-linked program being run by sudo from executing
          another program (think shell escapes).</para>
          <indexterm zone="sudo sudo_noexec">
            <primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
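
A pre-deployment check for the configuration discussed in the "Configuring Sudo" section, as an added example that is not part of the BLFS book source: it lists who receives the `NOPASSWD: ALL` grant (expanding `User_Alias` names) and verifies the 0440 mode that sudo expects for the file. The function names and the `backup` entry are constructed for illustration, and the parser assumes one entry per line with no line continuations or Runas specs.

```sh
# Added example (not BLFS code): find password-less full-root grants in a
# sudoers file and check its mode. Simplified parser: one entry per line, no
# continuations or Runas specs; the user list is the first field.

# Print each login granted "NOPASSWD: ALL", one per line, aliases expanded.
nopasswd_all_users() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        $1 == "User_Alias" {                    # User_Alias NAME = a, b
            name = $2; sub(/=.*/, "", name)
            members = $0; sub(/^[^=]*=/, "", members)
            gsub(/[ \t]/, "", members)
            alias[name] = members
            next
        }
        /NOPASSWD:[ \t]*ALL([ \t,]|$)/ { grants[++n] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                k = split(grants[i], who, ",")
                for (j = 1; j <= k; j++) {
                    # Expand an alias to its members, else keep the name.
                    m = split((who[j] in alias) ? alias[who[j]] : who[j], out, ",")
                    for (x = 1; x <= m; x++) print out[x]
                }
            }
        }
    ' "$1" | sort -u
}

# Succeed only if FILE is mode 0440 (-r--r-----), which sudo expects.
sudoers_mode_ok() { [ "$(ls -ld "$1" | cut -c1-10)" = "-r--r-----" ]; }

# Print findings for FILE; the return status is the number of findings.
audit_sudoers() {
    findings=0
    for user in $(nopasswd_all_users "$1"); do
        echo "WARN: $user may run ALL commands without a password"
        findings=$((findings + 1))
    done
    sudoers_mode_ok "$1" || { echo "WARN: $1 is not mode 0440"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample: the entry from the page plus a narrower grant.
sample=$(mktemp)
printf '%s\n' 'User_Alias ADMIN = YourLoginId' 'ADMIN ALL = NOPASSWD: ALL' \
    'backup ALL = NOPASSWD: /usr/bin/rsync' > "$sample"
chmod 0440 "$sample"
audit_sudoers "$sample" || echo "findings: $?"
```

On an installed system `visudo -c` remains the syntax check to rely on; this script only surfaces the policy question of which logins hold password-less root.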