--with-project enable Solaris project support
--without-lecture don't print lecture for first-time sudoer
--with-logging log via syslog, file, or both
- --with-logfac syslog facility to log with (default is "local2")
+ --with-logfac syslog facility to log with (default is "auth")
--with-goodpri syslog priority for commands (def is "notice")
--with-badpri syslog priority for failures (def is "alert")
--with-logpath path to the sudo log file
passprompt="Password:"
long_otp_prompt=off
lecture=once
-logfac=local2
+logfac=auth
goodpri=notice
badpri=alert
loglen=80
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which syslog facility sudo should log with" >&5
-$as_echo_n "checking which syslog facility sudo should log with... " >&6; }
# Check whether --with-logfac was given.
if test "${with_logfac+set}" = set; then :
fi
-cat >>confdefs.h <<_ACEOF
-#define LOGFAC "$logfac"
-_ACEOF
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $logfac" >&5
-$as_echo "$logfac" >&6; }
-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log commands" >&5
$as_echo_n "checking at which syslog priority to log commands... " >&6; }
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6575: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6566: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6578: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6569: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6581: output\"" >&5)
+ (eval echo "\"\$as_me:6572: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7786 "configure"' > conftest.$ac_ext
+ echo '#line 7777 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9178: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9169: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9182: \$? = $ac_status" >&5
+ echo "$as_me:9173: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9517: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9508: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9521: \$? = $ac_status" >&5
+ echo "$as_me:9512: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9622: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9613: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9626: \$? = $ac_status" >&5
+ echo "$as_me:9617: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9677: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9668: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9681: \$? = $ac_status" >&5
+ echo "$as_me:9672: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12044 "configure"
+#line 12035 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12140 "configure"
+#line 12131 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
fi
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which syslog facility sudo should log with" >&5
+$as_echo_n "checking which syslog facility sudo should log with... " >&6; }
+if test X"$with_logfac" = X""; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <syslog.h>
+int
+main ()
+{
+int i = LOG_AUTHPRIV; (void)i;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ logfac=authpriv
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define LOGFAC "$logfac"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $logfac" >&5
+$as_echo "$logfac" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
$as_echo_n "checking for ANSI C header files... " >&6; }
if test "${ac_cv_header_stdc+set}" = set; then :
passprompt="Password:"
long_otp_prompt=off
lecture=once
-logfac=local2
+logfac=auth
goodpri=notice
badpri=alert
loglen=80
;;
esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
-AC_MSG_CHECKING(which syslog facility sudo should log with)
-AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "local2")])],
+AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
[case $with_logfac in
yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
;;
*) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
;;
esac])
-AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
-AC_MSG_RESULT($logfac)
AC_MSG_CHECKING(at which syslog priority to log commands)
AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
SUDO_PROG_VI
fi
dnl
+dnl Check for authpriv support in syslog
+dnl
+AC_MSG_CHECKING(which syslog facility sudo should log with)
+if test X"$with_logfac" = X""; then
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
+fi
+AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
+AC_MSG_RESULT($logfac)
+dnl
dnl Header file checks
dnl
AC_HEADER_STDC
messages.
A) Make sure you have an entry in your syslog.conf file to save
the sudo messages (see the sample.syslog.conf file). The default
- log facility is local2 (changeable via configure). Don't forget
- to send a SIGHUP to your syslogd so that it re-reads its conf file.
- Also, remember that syslogd does *not* create log files, you need to
- create the file before syslogd will log to it (ie: touch /var/log/sudo).
- Note: the facility ("local2.debug") must be separated from the
- destination ("/var/adm/sudo.log" or "@loghost") by
+ log facility is authpriv (changeable via configure or in sudoers).
+ Don't forget to send a SIGHUP to your syslogd so that it re-reads
+ its conf file. Also, remember that syslogd does *not* create
+ log files, you need to create the file before syslogd will log
+ to it (ie: touch /var/log/sudo).
+ Note: the facility (e.g. "auth.debug") must be separated from the
+ destination (e.g. "/var/log/auth" or "@loghost") by
tabs, *not* spaces. This is a common error.
Q) When sudo asks me for my password it never accepts what I enter even
# This is a sample syslog.conf fragment for use with Sudo.
#
-# Sudo logs to local2 by default, but this is changable via the
-# --with-logfac configure option. To see what syslog facility
-# a sudo binary uses, run `sudo -V' as *root*. You may have
-# to check /usr/include/syslog.h to map the facility number to
-# a name.
+# By default, sudo logs to "authpriv" if your system supports it, else it
+# uses "auth". The facility can be set via the --with-logfac configure
+# option or in the sudoers file.
+# To see what syslog facility a sudo binary uses, run `sudo -V' as *root*.
#
# NOTES:
# The whitespace in the following line is made up of <TAB>
# create the file before syslogd will log to it. Eg.
# 'touch /var/log/sudo'
-# This logs successful and failed sudo attempts to the file /var/log/sudo
-local2.debug /var/log/sudo
+# This logs successful and failed sudo attempts to the file /var/log/auth
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug /var/log/auth
# To log to a remote machine, use something like the following,
# where "loghost" is the name of the remote machine.
-local2.debug @loghost
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug @loghost
projects / sudo / commitdiff