source: postlfs/security/sudo.xml@ e19ad480

Last change on this file since e19ad480 was e19ad480, checked in by Manuel Canales Esparcia <manuel@…>, 18 years ago

Adding automatized scripts generation related tags. Postlfs part.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5370 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 7.0 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
  <!ENTITY sudo-download-ftp " ">
  <!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
  <!ENTITY sudo-size "576 KB">
  <!ENTITY sudo-buildsize "3.6 MB">
  <!ENTITY sudo-time "less than 0.1 SBU">
]>

<sect1 id="sudo" xreflabel="sudo-&sudo-version;">
  <?dbhtml filename="sudo.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
    <keywordset>
      <keyword role="package">sudo-&sudo-version;.tar</keyword>
      <keyword role="ftptdir">sudo</keyword>
    </keywordset>
  </sect1info>

  <title>Sudo-&sudo-version;</title>

  <indexterm zone="sudo">
    <primary sortas="a-sudo">sudo</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Sudo</title>

    <para>The <application>sudo</application> package allows a system
    administrator to give certain users (or groups of users) the ability to run
    some (or all) commands as root or another user while logging the commands
    and arguments.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&sudo-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&sudo-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &sudo-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &sudo-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &sudo-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &sudo-time;</para>
      </listitem>
    </itemizedlist>

<!--
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing='compact'>
      <listitem>
        <para>Required patch: <ulink
        url="&patch-root;/sudo-&sudo-version;-xxxx-1.patch"/></para>
      </listitem>
    </itemizedlist>
    <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>


-->
  </sect2>

  <sect2 role="installation">
    <title>Installation of Sudo</title>

    <para>Install <application>sudo</application> by running
    the following commands:</para>

<screen><userinput>sed -i -e 's/CDPATH",/&amp;\n "SHELLOPTS",\n "PS4",/' env.c
./configure --prefix=/usr --libexecdir=/usr/lib \
    --enable-noargs-shell --with-ignore-dot --with-all-insults \
    --enable-shell-sets-home &amp;&amp;
make</userinput></screen>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><command>sed -i -e 's/CDPATH",/&amp;\n "SHELLOPTS",\n "PS4",/'
    env.c</command>: This command adds two environment variables,
    <envar>SHELLOPTS</envar> and <envar>PS4</envar>, to the list of
    variables that are excluded from the target environment. It solves a
    security problem.</para>

    <para><option>--enable-noargs-shell</option>: This switch allows sudo to
    run a shell if invoked with no arguments.</para>

    <para><option>--with-ignore-dot</option>: This switch causes
    <application>sudo</application> to ignore '.' in the PATH.</para>

    <para><option>--with-all-insults</option>: This switch includes all the
    sudo insult sets.</para>

    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
    the target user in shell mode.</para>

    <note><para>There are many options to <application>sudo</application>'s
    configure command. Check the <command>configure --help</command> output
    for a complete list.</para></note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Sudo</title>

    <sect3 id="sudo-config">
      <title>Config File</title>

      <para><filename>/etc/sudoers</filename></para>

      <indexterm zone="sudo sudo-config">
        <primary sortas="e-etc-sudoers">/etc/sudoers</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>The <filename>sudoers</filename> file can be quite complicated. It
      is composed of two types of entries: aliases (basically variables) and
      user specifications (which specify who may run what). The installation
      provides a default configuration that grants no privileges to any
      user.</para>

      <para>One example usage is to allow the system administrator to execute
      any program without typing a password each time root privileges are
      needed. This can be configured as:</para>

      <screen># User alias specification
User_Alias ADMIN = YourLoginId

# Allow members of the ADMIN alias to run all commands without a password
ADMIN ALL = NOPASSWD: ALL</screen>

      <para>For details, see <command>man sudoers</command>.</para>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Library</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>sudo and sudoedit</seg>
        <seg>sudo_noexec.so</seg>
        <seg>None</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="sudo_prog">
        <term><command>sudo</command></term>
        <listitem>
          <para>executes a command as another user as permitted by
          the <filename>/etc/sudoers</filename> configuration file.
          </para>
          <indexterm zone="sudo sudo">
            <primary sortas="b-sudo">sudo</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudoedit">
        <term><command>sudoedit</command></term>
        <listitem>
          <para>is a hard link to <command>sudo</command> that implies
          the -e option to invoke an editor as another user.</para>
          <indexterm zone="sudo sudoedit">
            <primary sortas="b-sudoedit">sudoedit</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sudo_noexec">
        <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
        <listitem>
          <para>enables support for the "noexec" functionality which prevents
          a dynamically-linked program being run by sudo from executing
          another program (think shell escapes).</para>
          <indexterm zone="sudo sudo_noexec">
            <primary sortas="c-sudo_noexec">sudo_noexec.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
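The `sed` edit in the installation commands exits 0 even when its `CDPATH",` anchor is not found, so a build script should confirm that both variables really landed in the list. The following check is an added example, not part of the BLFS page or the sudo sources; the list excerpt is a constructed stand-in for `env.c`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that the env.c blacklist edit was actually applied.

# Constructed stand-in for the variable list in env.c (not the real file).
write_sample_list() {
    printf '%s\n' 'static const char *list[] = {' \
        '    "IFS",' '    "CDPATH",' '    "LOCALDOMAIN",' '    NULL' '};' > "$1"
}

# Succeeds only if both variables named on the page are quoted list entries.
has_blacklist_entries() {
    for var in SHELLOPTS PS4; do
        grep -q "\"$var\"," "$1" || return 1
    done
}

# Count the lines holding a given entry; prints 0 instead of failing.
count_entries() {
    grep -c "\"$2\"," "$1" || true
}

# Apply the page's sed once (GNU sed, as on the page), then check the result
# rather than sed's exit status, which is 0 even when nothing matched.
# Returns 0 = patched, 1 = anchor "CDPATH", missing, 2 = sed itself failed.
patch_env_list() {
    if has_blacklist_entries "$1"; then
        return 0                    # already patched: avoid duplicate entries
    fi
    sed -i -e 's/CDPATH",/&\n "SHELLOPTS",\n "PS4",/' "$1" || return 2
    has_blacklist_entries "$1" || return 1
}

# Demonstration on the constructed excerpt.
demo=$(mktemp)
write_sample_list "$demo"
patch_env_list "$demo" && cat "$demo"
rm -f "$demo"
```

In a real build, call `patch_env_list env.c` in place of the bare `sed` line and stop before `./configure` on a non-zero status.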
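A rule such as `ADMIN ALL = NOPASSWD: ALL` grants passwordless root to every member of the alias, so it is worth listing who that covers whenever `sudoers` changes. The following audit is an added example, not part of the BLFS page or of sudo; it is a simplified reader that assumes single-line `User_Alias` definitions, no line continuations, and rules whose first field is one user, `%group` or alias. The `backup` user in the sample is constructed.

```shell
#!/bin/sh
# Added example: list principals granted "NOPASSWD: ALL" in a sudoers-style
# file. Simplified reader, not a full sudoers parser (see assumptions above).

# Constructed sample: the page's rule plus one command-limited rule.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# User alias specification
User_Alias ADMIN = YourLoginId

# Passwordless, unrestricted rule from the page
ADMIN ALL = NOPASSWD: ALL
# Passwordless but limited to one command (hypothetical user)
backup ALL = NOPASSWD: /usr/bin/rsync
EOF
}

# Print one principal per line; User_Alias names are expanded to members.
list_nopasswd_all() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        $1 == "User_Alias" {                    # User_Alias NAME = a, b
            name = $2
            sub(/=.*/, "", name)                # tolerate NAME=a with no space
            members = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", members)
            alias[name] = members
            next
        }
        $1 ~ /_Alias$/ || $1 ~ /^Defaults/ { next }   # other definitions
        /NOPASSWD:[ \t]*ALL[ \t]*$/ {           # unrestricted and passwordless
            who = ($1 in alias) ? alias[$1] : $1
            n = split(who, names, ",")
            for (i = 1; i <= n; i++) print names[i]
        }
    ' "$1"
}

# Demonstration on the constructed sample; prints YourLoginId.
demo=$(mktemp)
write_sample_sudoers "$demo"
list_nopasswd_all "$demo"
rm -f "$demo"
```

Run `visudo -c` for syntax validation; this script only answers who holds an unrestricted passwordless rule.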