don't have them configured). To disable the shadow password support,
use the --disable-shadow option to configure.
-Shadow passwords are supported on the following platforms:
+Shadow passwords are known to work on the following platforms:
SunOS 4.x
Solaris 2.x
HP-UX >= 9.x
Ultrix 4.x
- Digital UNIX 3.x and 4.x
- IRIX 5.x and 6.x
- AIX 3.2.x ad 4.x
+ Digital UNIX
+ IRIX >= 5.x
+ AIX >= 3.2.x
ConvexOS with C2 security (not tested recently)
Linux
- SCO 3.2.2
+ SCO >= 3.2.2
Pyramid DC/OSx
UnixWare
SVR4 (and variants using standard SVR4 shadow passwords)
4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and BSD/OS)
OS's using SecureWare's C2 security.
-Mixing password authentication schemes
-======================================
-
-It is possible to build sudo with support for several authentication
-schemes, including shadow passwords, kerberos, s/key, AFS, DCE and
-normal UN*X passwords into a single binary. User validation will
-take slightly longer, of course, but it may be valuable to have a
-single sudo binary that is distributed among systems with varying
-authentication mechanisms. The exception to this rule is SecurID
-which must be the only authentication mechanism used.
-
OS dependent notes
==================
-sudo porting hints:
+Sudo porting hints
+==================
Before trying to port sudo to a new architecture, please join the
-sudo-workers mailing list (see the README) and ask if anyone has
-a port working or in-progress.
-
-Sudo should be fairly easy to port. In fact, now that it uses a configure
-script, most of the work should be done for you.
+sudo-workers mailing list (see the README) and ask if anyone has a
+port working or in-progress. Sudo should be fairly easy to port.
+Since it uses a configure script, most of the work should be done
+for you.
If your OS is an SVR4 derivative (or some approximation thereof), it may
be sufficient to tell configure you are runnng SVR4, something like:
allow one to change the shared library path. See badenv_table() in
sudo.c to see how this is done for various OS's.
-It is possible that on a really weird system, tgetpass() may not compile.
-(The most common cause for this is that the "fd_set" type is not
-defined in a place that sudo expects it to be. If you can fine the
-header file where "fd_set" is typedef'd, have tgetpass.c include
-it and send in a bug report.)
-Alternately, it may compile but not work (nothing happens at Password: prompt).
-It is possible that your C library contains a broken or unusable crypt()
-function--try linking with -lcrypt if that exists. Another possibility
-is that select() is not fully functional; running configure with
---with-password-timeout=0 will disable the use of select().
+It is possible that on a really weird system, tgetpass() may not
+compile. (The most common cause for this is that the "fd_set" type
+is not defined in a place that sudo expects it to be. If you can
+find the header file where "fd_set" is typedef'd, have tgetpass.c
+include it and send in a bug report.)
+Alternately, tgetpass.c may compile but not work (nothing happens
+at the Password: prompt). It is possible that your C library
+contains a broken or unusable crypt() function--try linking with
+-lcrypt if that exists. Another possibility is that select() is
+not fully functional; running configure with --with-password-timeout=0
+will disable the use of select().
If you are trying to port to a system without standard Berkeley
networking you may find that interfaces.c will not compile. This
is most likely on OS's with STREAMS-based networking. It should be
possible to make it work by modifying the ISC streams support
(see the _ISC #ifdef's). However, if you don't care about ip address
-and network address support, you can just define STUB_LOAD_INTERFACES
-to get a do-nothing load_interfaces() stub function.
+and network address support, you can just run configure with the
+--without-interfaces flag to get a do-nothing load_interfaces() stub function.
If you port sudo to a new architecture, please send the output of
-"configure" and your changes to:
+"configure", the config.log file and your changes to:
sudo-bugs@courtesan.com
+
+If you are unable to get sudo working, and you are willing to
+give me an account on a machine, send mail to sudo-bugs@courtesan.com.
+Note, however, that I can't make any promises.
Before you try and build sudo, *please* make sure you have the current
version. The latest sudo may always be gotten via anonymous ftp
from ftp.courtesan.com in the directory /pub/sudo/.
-The distribution is cu-sudo.vM.m.tar.Z where `M' is the major
+The distribution is sudo-M.m.tar.gz where `M' is the major
version number and `m' is the minor version number.
BETA versions of sudo may also be available. If you join
the `sudo-workers' mailing list you will get the BETA announcements
System requirements
===================
Sudo requires a machine running UN*X (most flavors of BSD, SYSV,
-or POSIX will do), a C compiler, and the make utility.
+or POSIX will do), a working C compiler, and the make utility.
If you wish to modify the parser then you will need flex version
2.5.2 or later and a version of bison or yacc (sudo comes with a
ftp://prep.ai.mit.edu/pub/gnu/bison* or any GNU mirror.
Building the release
-===================
+====================
Please read the installation guide in the `INSTALL' file before
-trying to build sudo. Things have changed quite a bit from the
-previous release (1.5.6). The `RUNSON' file contains a list of
-of platforms that this version of sudo is known to work on. If you
+trying to build sudo. The `RUNSON' file contains a list of of
+platforms that this version of sudo is known to work on. If you
can add to this list, please send mail to sudo-bugs@courtesan.com.
If something goes wrong you may want to refer to the `TROUBLESHOOTING'
file.
===========
A list of known bugs may be found in the `BUGS' file.
Please send (new) bugs, problems, comments, features, ports, etc to
-sudo-bugs@courtesan.com. Also, please read over the `TROUBLESHOOTING'
-file before submitting a bug report.
+sudo-bugs@courtesan.com. Please read over the `TROUBLESHOOTING'
+file *before* submitting a bug report. When reporting bugs, please
+be sure to include the version of sudo you are using as well as the
+platform you are running it on.
19) Sudo should have a separate error message for when the user is in sudoers
but not allowed to run stuff on that host, and send mail.
+
+20) Use getrlimit() in preference to getconf()
+
+21) Include a syslog.conf sample
depending whether you want to forward the messages to another
host or keep them locally. Don't forget to send a SIGHUP to
your syslogd so that it re-reads its conf file. Also, remember
- that syslogd does not create log files, you need to create the
- file before syslogd will log to it (ie: touch /var/adm/sudo.log).
+ that syslogd does *not* create log files, you need to create the
+ file before syslogd will log to it (ie: touch /var/log/sudo.log).
Note: the facility ("local2.debug") must be separated from the
destination ("/var/adm/sudo.log" or "@loghost") by
tabs, *not* spaces. This is a common error.
to guard against shared library spoofing, shell voodoo, and
kerberos server spoofing.
IFS
+ LOCALDOMAIN
+ RES_OPTIONS
+ HOSTALIASES
ENV
BASH_ENV
LD_*
KRB_CONF (kerb4 only)
KRB5_CONFIG (kerb5 only)
-Q) I modified parse.lex but the Makefile is not generating a new
- lex.yy.c.
-A) You need to uncomment the rule in Makefile (or Makefile.in)
- that generates lex.yy.c from parse.lex. This is not enable
- by default since sudo comes with a pre-flex'd parse.lex.
- May sure you are using flex version 2.5.2 or higher--the
- lex that came with your OS may not like parse.lex.
-
Q) How can I keep sudo from asking for a password?
-A) Use the 'NOPASSWD' reserved word right before the command list in
- sudoers. See the sudoers man page and sample.sudoers for details.
+A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD'
+ tag right before the command list in sudoers. See the sudoers man page
+ and sample.sudoers for details. To disable passwords completely,
+ run configure with the --without-passwd option.
Q) When I run configure, it dies with the following error:
"no acceptable cc found in $PATH".
Note that "make realclean" will also remove any object files
and configure temp files that are laying around as well.
-Q) I built sudo on a Solaris 2.5 machine but the resulting binary
- doesn't work on Solaris 2.4. Why?
-A) Sun added many of the BSD library functions from -lucb into
- libc for Solaris 2.5. To generate a sudo binary on Solaris 2.5
- that will run on Solaris 2.4 just add "getwd.o" to LIBOBJS
- in the Makefile and recompile.
-
-Q) When I compile sudo on Solaris with gcc I get:
- logging.c: In function `send_mail':
- logging.c:448: storage size of `action' isn't known
- *** Error code 1
-A) You probably didn't install the gcc-fixed include files.
- Try adding -D__EXTENSIONS__ to CFLAGS in the Makefile.
+Q) I built sudo on a Solaris >= 2.6 machine but the resulting binary
+ doesn't work on Solaris <= 2.5.1. Why?
+A) Starting with Solaris 2.6, snprintf(3) is included in the standard
+ C library. To build a version of sudo on a >= 2.6 machine that
+ will run on a <= 2.5.1 machine, edit config.h and comment out the lines:
+ #define HAVE_SNPRINTF 1
+ #define HAVE_VSNPRINTF 1
+ and run make.
Q) When I run "visudo" it says "sudoers file busy, try again later."
and doesn't do anything.
projects / sudo / commitdiff