--cache-file=FILE
Cache test results in FILE
- --help
+ --config-cache, -C
+ Alias for `--cache-file=config.cache'
+
+ --help, -h
Print the usage/help info
- --no-create
+ --no-create, -n
Do not create output files
- --quiet, --silent
+ --quiet, --silent, -q
Do not print `checking...' messages
Directory and file names:
command line.
--with-bsdauth
- Enable support for BSD authentication on BSD/OS. This option
- assumes --with-logincap as well. It is not possible to mix
- BSD authentication with other authentication methods (and there
- really should be no need to do so). Note that only the newer
- BSD authentication API is supported. If you don't have
- /usr/include/bsd_auth.h then you cannot use this.
+ Enable support for BSD authentication on BSD/OS and OpenBSD.
+ This option assumes --with-logincap as well. It is not
+ possible to mix BSD authentication with other authentication
+ methods (and there really should be no need to do so). Note
+ that only the newer BSD authentication API is supported.
+ If you don't have /usr/include/bsd_auth.h then you cannot
+ use this.
+
+ --disable-saved-ids
+ Disable use of POSIX saved IDs. Normally, sudo will try to
+ use POSIX saved IDs if they are supported. However, some
+ implementations are broken. If sudo aborts with an error like:
+ "seteuid(0): Operation not permitted"
+ you probably need to disable POSIX saved ID support.
--disable-sia
Disable SIA support. This is the "Security Integration Architecture"
the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
to the LIBOBJS line in the Makefile.
- It is not possible to access the sudoers file via NFS on Linux.
- This is due to a bug in the Linux client-side NFS implementation.
- It has been fixed in the developement kernel but, as of Aug 27,
- 1999, the fixes have not made it into the mainstream kernel.
- There is a workaround on the sudo ftp site, linux_nfs.patch,
- if you need to NFS-mount sudoers on Linux.
+ If you are using a Linux kernel older than 2.4 it is not possible
+ to access the sudoers file via NFS. This is due to a bug in
+ the Linux client-side NFS implementation that has since been
+ fixed. There is a workaround on the sudo ftp site, linux_nfs.patch,
+ if you need to NFS-mount sudoers on older Linux kernels.
Mac OS X:
It has been reported that for sudo to work on Mac OS X it must
your $PATH before the directory containing sudo. If you are going
to have '.' in your path you should make sure it is at the end.
+Q) Sudo compiles but when I run it I get "seteuid(0): Operation not permitted"
+ and sudo quits.
+A) The operating system you are running probably has broken support for
+ POSIX saved IDs. You should run configure with the "--disable-saved-ids"
+ option and rebuild sudo.
+
Q) Sudo never gives me a chance to enter a password using PAM, it just
says 'Sorry, try again.' three times and quits.
A) You didn't setup PAM to work with sudo. On Linux this generally
esac
], AC_MSG_RESULT(yes))
+AC_MSG_CHECKING(whether to disable use of POSIX saved ids)
+AC_ARG_ENABLE(saved-ids,
+[ --saved-ids Don't try to use POSIX saved ids],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(no)
+ ;;
+ no) AC_MSG_RESULT(yes)
+ AC_DEFINE(NO_SAVED_IDS, 1, [Define to avoid using POSIX saved ids.])
+ ;;
+ *) AC_MSG_RESULT(no)
+ echo "Ignoring unknown argument to --enable-saved-ids: $enableval"
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
[ --disable-shadow Never use shadow passwords],
static void runas_setup __P((void));
static void fatal __P((char *));
-#if defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
+#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
/*
* Set real and effective uids and gids based on perm.
* Since we have POSIX saved IDs we can get away with just
break;
}
}
-#endif /* _SC_SAVED_IDS && _SC_VERSION */
+#endif /* !NO_SAVED_IDS && _SC_SAVED_IDS && _SC_VERSION */
#ifdef HAVE_SETREUID
/*
* set the real, effective and saved uids to 0 and use set_perms_fallback()
* instead of set_perms_posix().
*/
-#if defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
+#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
if (!def_flag(I_STAY_SETUID) && set_perms == set_perms_posix) {
if (setuid(0)) {
perror("setuid(0)");
(void) sigaction(SIGCHLD, &sa, NULL);
/* Set set_perms pointer to the correct function */
-#if defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
+#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
if (sysconf(_SC_SAVED_IDS) == 1 && sysconf(_SC_VERSION) >= 199009)
set_perms = set_perms_posix;
else
projects / sudo / commitdiff