Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#4771 closed enhancement (fixed)

sudo-1.8.10

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.6
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Change History (16)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 8 years ago

--with-timedir=DIR deprecated

use now:

  --with-rundir=DIR
        Set the directory to be used for sudo-specific files that
        do not survive a system reboot.  This is typically where
        the time stamp directory is located.  By default, configure
        will use the first existing directory in the following list:
	    /var/run, /var/db, /var/lib, /var/adm, /usr/adm
	This directory should be cleared when the system reboots.
	On systems that lack /var/run, the default rundir and vardir
	may be the same.  In this case, only the ts directory inside
	the rundir needs to be cleared at boot time.

Since we have /var/run and it apparently is cleared on reboot, I can replace

--with-timedir=/var/lib/sudo

by

--with-rundir=/var/run/sudo

Or, as suggested, just remove --with-timedir and leave the application use its defaults.

As this is a security issue, I will sopt with sudo and go to another package, while waiting some input, please.

Thanks in advance.

comment:3 by Fernando de Oliveira, 8 years ago

Forgot: was it decided to leave sudo with --libexec?

in reply to:  3 comment:4 by Pierre Labastie, 8 years ago

Replying to fo:

Forgot: was it decided to leave sudo with --libexec?

Looks like it has been forgotten, since the installed directories line has /usr/libexec/sudo.

comment:5 by Pierre Labastie, 8 years ago

About rundir: I think configure adds sudo, that is, if you input:

--with-rundir=/some/path

you'll end up with the timestamp parent dir being /some/path/sudo. So, I think the default is OK.

comment:6 by Fernando de Oliveira, 8 years ago

OK. Thanks, Pierre

comment:7 by bdubbs@…, 8 years ago

What's the default for rundir? How about using /run/sudo?

comment:8 by Fernando de Oliveira, 8 years ago

Default: /var/run/sudo

--with-rundir=/var/run/sudo: same as default

--with-rundir=/run/sudo: as the value indicates (/run/sudo)

--with-rundir=/run: /run (no "sudo' created, if not explicitly written, unless they are the defaults).

The deprecated hada in the book the explanation:

"--with-timedir=/var/lib/sudo: This switch places the variable time stamp files in a FHS compatible location."

The reason I asked was if there is some FHS rule for the new variable or some particularity from (B)LFS to not be in the default /var/run/sudo.

My preference, if there is no special reason, is /var/run/sudo. The developpers there like /var/run. Even there is a new directory /var/db/sudo.

So, Bruce, if you do not have a special reason, I would prefer /var/run/sudo (default, no switches, no explanations needed at the text).

What do you think?

comment:9 by bdubbs@…, 8 years ago

That's OK, but remember /var/run -> /run. I just wanted to be direct.

comment:10 by Fernando de Oliveira, 8 years ago

Understood, if a switch was needed, I would put that, then. Good enough reason, being direct. When time comes, will use this advice. Thanks.

comment:11 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r12852.

comment:12 by ken@…, 8 years ago

Replying, belatedly, to Fernando and Pierre about libexecdir :

I reinstated it with the following command explanation: --libexecdir=/usr/lib/sudo: This switch controls where private programs are installed. Everything in that directory is a library, so they belong under /usr/lib instead of /usr/libexec.

And yes, I did forget to check the list of directories. I still think that libs don't belong in /usr/libexec (I'm taking a *pedantic* view of the FHS, since I believe it is intended for pedants :-) but Bruce queried this - thread at http://www.mail-archive.com/blfs-dev@linuxfromscratch.org/msg16480.html and I'm not going to press the point.

The people doing the work (that's you guys, until you burn out) get to make the decisions. Whether I agree with them, or use them in my own builds, is neither here nor there. Live Long And Prosper!

comment:13 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: closedreopened

comment:14 by Fernando de Oliveira, 8 years ago

Will get it back to what you intended. Sorry for undoing your work.

Last edited 8 years ago by Fernando de Oliveira (previous) (diff)

comment:15 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: reopenedclosed

Thanks. Switch is back at r12854.

comment:16 by Fernando de Oliveira, 8 years ago

LLAP!

Note: See TracTickets for help on using tickets.