before configuring and building sudo. You may also wish to read the
file INSTALL.configure which explains more about the `configure' script.
+System requirements
+===================
+
+To build sudo from the source distribution you need a POSIX-compliant
+operating system (any modern version of BSD, Linux or Unix should
+work), an ANSI/ISO C compiler that supports variadic marcos (a C99
+feature) as well as the ar, make and ranlib utilities.
+
+If you wish to modify the parser then you will need flex version
+2.5.2 or later and either bison or byacc (sudo comes with a
+pre-generated parser). You'll also have to run configure with the
+--with-devel option or pass DEVEL=1 to make. You can get flex from
+http://flex.sourceforge.net/. You can get GNU bison from
+ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror.
+
Simple sudo installation
========================
"gotchas" relating to your operating system.
2) `cd' to the source or build directory and type `./configure'
- to generate a Makefile and config.h file suitable for
- building sudo. Before you actually run configure you
- should read the `Available configure options' section
- to see if there are any special options you may want
- or need.
-
- 3) Edit the configure-generated Makefile if you wish to
- change any of the default paths (alternatively, you could
- have changed the paths via options to `configure'.
+ to generate a Makefile and config.h file suitable for building
+ sudo. Before you actually run configure you should read the
+ `Available configure options' section to see if there are
+ any special options you may want or need.
- 5) Type `make' to compile sudo. If you are building sudo
+ 4) Type `make' to compile sudo. If you are building sudo
in a separate build tree (apart from the sudo source) GNU
make will probably be required. If `configure' did its job
properly (and you have a supported configuration) there won't
be any problems. If this doesn't work, take a look at the
- TROUBLESHOOTING file for tips on what might have gone wrong.
- Please mail us if you have a fix or if you are unable to
- come up with a fix (address at EOF).
+ doc/TROUBLESHOOTING file for tips on what might have gone
+ wrong. Please mail us if you have a fix or if you are unable
+ to come up with a fix (address at EOF).
- 6) Type `make install' (as root) to install sudo, visudo, the
+ 5) Type `make install' (as root) to install sudo, visudo, the
man pages, and a skeleton sudoers file. Note that the install
will not overwrite an existing sudoers file. You can also
install various pieces the package via the install-binaries,
install-doc, and install-sudoers make targets.
- 7) Edit the sudoers file with `visudo' as necessary for your
+ 6) Edit the sudoers file with `visudo' as necessary for your
site. You will probably want to refer the sample.sudoers
file and sudoers man page included with the sudo package.
- 8) If you want to use syslogd(8) to do the logging, you'll need
+ 7) If you want to use syslogd(8) to do the logging, you'll need
to update your /etc/syslog.conf file. See the sample.syslog.conf
file included in the distribution for an example.
binary itself. This will also disable the noexec option
as it too relies on dynamic shared object support.
-Shadow password and C2 support
-==============================
-
-Shadow passwords (also included with most C2 security packages) are
-supported on most major platforms for which they exist. The
-`configure' script will attempt to determine if your system can use
-shadow passwords and include support for them if so. Shadow password
-support is now compiled in by default (it doesn't hurt anything if you
-don't have them configured). To disable the shadow password support,
-use the --disable-shadow option to configure.
-
-Shadow passwords are known to work on the following platforms:
-
- SunOS 4.x
- Solaris 2.x
- HP-UX >= 9.x
- Ultrix 4.x
- Digital UNIX
- IRIX >= 5.x
- AIX >= 3.2.x
- Linux
- SCO >= 3.2.2
- Pyramid DC/OSx
- UnixWare
- SVR4 (and variants using standard SVR4 shadow passwords)
- 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X)
- Systems using SecureWare's C2 security.
-
OS dependent notes
==================
-Linux:
- PAM and LDAP headers are not installed by default on most Linux
- systems. You will need to install the "pam-dev" package if
- /usr/include/security/pam_appl.h is not present on your system.
- If you wish to build with LDAP support you will also need the
- openldap-devel package.
-
- Versions of glibc 2.x previous to 2.0.7 have a broken lsearch().
- You will need to either upgrade to glibc-2.0.7 or use sudo's
- version of lsearch(). To use sudo's lsearch(), comment out
- the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
- to the LIBOBJS line in the Makefile.
-
- If you are using a Linux kernel older than 2.4 it is not possible
- to access the sudoers file via NFS. This is due to a bug in
- the Linux client-side NFS implementation that has since been
- fixed. There is a workaround on the sudo ftp site, linux_nfs.patch,
- if you need to NFS-mount sudoers on older Linux kernels.
-
-Solaris:
- You need to have a C compiler in order to build sudo. Since
- Solaris does not come with one by default this means that you
- either need to either install the Solaris Studio compiler suite,
- available for free from www.oracle.com, or have a copy of the
- GNU C compiler (gcc) which is can be installed via the pkg
- utility on Solaris 11 and higher and is distributed on the
- Solaris Companion CD for older Solaris releases. You can also
- get them from various places on the net, including
- http://www.sunfreeware.com/
- NOTE: sudo will *not* build with the sun C compiler in BSD
- compatibility mode (/usr/ucb/cc). Sudo is designed to
- compile with the standard C compiler (or gcc) and will
- not build correctly with /usr/ucb/cc. You can set the
- CC environment variable to the non-ucb compiler when
- running `configure' if it is not the first cc in your
- path. Some sites link /usr/ucb/cc to gcc; configure will
- not notice this and still refuse to use /usr/ucb/cc, so
- make sure gcc is also in your path if your site is setup
- this way.
- Also: Older versions of Solaris come with a broken syslogd.
- If you have having problems with sudo logging you should
- make sure you have the latest syslogd patch installed.
- This is a problem for Solaris 2.4 and 2.5 at least.
- Sudo NLS support may not work properly with Solaris 11 due to
- how the runpath is specified in the locale-specific shared
- objects. See the TROUBLESHOOTING file for a workaround.
-
-Mac OS X:
- The pseudo-tty support in the Mac OS X kernel has bugs related
- to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
- It does not restart reads and writes when those signals are
- delivered. This may cause problems for some commands when I/O
- logging is enabled. The issue has been reported to Apple and
- is bug id #7952709.
-
HP-UX:
The default C compiler shipped with HP-UX is not an ANSI compiler.
You must use either the HP ANSI C compiler or gcc to build sudo.
sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login
-Digital UNIX:
- By default, sudo will use SIA (Security Integration Architecture)
- to validate a user. If you want to use an alternative authentication
- method that does not go through SIA, you need to use the
- --disable-sia option to configure. If you use gcc to compile
- you will get warnings when building interfaces.c. These are
- harmless but if they really bug you, you can edit
- /usr/include/net/if.h around line 123, right after the comment:
- /* forward decls for C++ */
- change the line:
- #ifdef __cplusplus
- to:
- #if defined(__cplusplus) || defined(__GNUC__)
- If you don't like the idea of editing the system header file
- you can just make a copy in gcc's private include tree and
- edit that.
-
-AIX 3.2.x:
- I've had various problems with the AIX C compiler producing
- incorrect code when the -O flag was used. When optimization
- is not used, the problems go away. Gcc does not appear
- to have this problem.
-
-SCO ODT:
- You'll probably need libcrypt_i.a available via anonymous ftp
- from sosco.sco.com. The necessary files are /SLS/lng225b.Z
- and /SLS/lng225b.ltr.Z.
+Linux:
+ PAM and LDAP headers are not installed by default on most Linux
+ systems. You will need to install the "pam-dev" package if
+ /usr/include/security/pam_appl.h is not present on your system.
+ If you wish to build with LDAP support you will also need the
+ openldap-devel package.
+
+Mac OS X:
+ The pseudo-tty support in the Mac OS X kernel has bugs related
+ to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
+ It does not restart reads and writes when those signals are
+ delivered. This may cause problems for some commands when I/O
+ logging is enabled. The issue has been reported to Apple and
+ is bug id #7952709.
+
+Solaris:
+ You need to have a C compiler in order to build sudo. Since
+ Solaris does not come with one by default this means that you
+ either need to either install the Solaris Studio compiler suite,
+ available for free from www.oracle.com, or install the GNU C
+ compiler (gcc) which is can be installed via the pkg utility
+ on Solaris 11 and higher and is distributed on the Solaris
+ Companion CD for older Solaris releases. You can also download
+ gcc packages from http://www.opencsw.org/packages/CSWgcc4core/
SunOS 4.x:
SunOS does not ship with an ANSI C compiler. You will need to
The /bin/sh shipped with SunOS blows up while running configure.
You can work around this by installing bash or zsh. If you
- have bash or zsh in your path, configure will use it instead
- automatically.
-
-ULTRIX 4.x:
- ULTRIX does not ship with an ANSI C compiler. You will need to
- install an ANSI compiler such as gcc to build sudo.
-
- The /bin/sh shipped with ULTRIX blows up while running configure.
- You can work around this by installing bash or zsh. If you
- have bash or zsh in your path, configure will use it instead
- automatically.
-
- ULTRIX ships with the 4.2BSD syslog(3) which does not
- allow things like logging different facilities to different
- files, redirecting logs to a single loghost and other niceties.
- You may want to just grab and install:
- ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz
- (available via anonymous ftp) which is a port if the 4.3BSD
- syslog/syslogd that is backwards compatible with the Ultrix version.
- I recommend it highly. If you do not do this you probably want
- to run configure with --with-logging=file
+ have bash or zsh in your path, configure will use it automatically.
projects / sudo / commitdiff