From: Todd C. Miller Date: Mon, 14 Jun 2010 20:15:39 +0000 (-0400) Subject: Update OS specific notes. Delete some really ancient ones and move X-Git-Tag: SUDO_1_7_3~67 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5df56127cc215e58c612c0e25d7580e0e139e63a;p=sudo Update OS specific notes. Delete some really ancient ones and move older ones to the end of the list. --HG-- branch : 1.7 --- diff --git a/INSTALL b/INSTALL index 6cb9e5996..bf05a4d88 100644 --- a/INSTALL +++ b/INSTALL @@ -15,23 +15,17 @@ For most systems and configurations it is possible simply to: 0) If you are upgrading from a previous version of sudo please read the info in the UPGRADE file before proceeding. - 1) If you previously ran `configure' on a different host - you will probably want to do a `make distclean' to remove - the old `config.cache' file. Otherwise, `configure' - will complain and refuse to run. Alternately, one can - simply `rm config.cache'. - - 2) Read the `OS dependent notes' section for any particular + 1) Read the `OS dependent notes' section for any particular "gotchas" relating to your operating system. - 3) `cd' to the source or build directory and type `./configure' + 2) `cd' to the source or build directory and type `./configure' to generate a Makefile and config.h file suitable for building sudo. Before you actually run configure you should read the `Available configure options' section to see if there are any special options you may want or need. - 4) Edit the configure-generated Makefile if you wish to + 3) Edit the configure-generated Makefile if you wish to change any of the default paths (alternatively, you could have changed the paths via options to `configure'. @@ -642,31 +636,44 @@ Shadow passwords are known to work on the following platforms: Digital UNIX IRIX >= 5.x AIX >= 3.2.x - ConvexOS with C2 security (not tested recently) Linux SCO >= 3.2.2 Pyramid DC/OSx UnixWare SVR4 (and variants using standard SVR4 shadow passwords) - 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and BSD/OS) - OS's using SecureWare's C2 security. + 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X) + Systems using SecureWare's C2 security. OS dependent notes ================== -OpenBSD < 2.2 and NetBSD < 1.2.1: - The fdesc file system has a bug wrt /dev/tty handling that - causes sudo to hang at the password prompt. The workaround - is to run configure with --with-password-timeout=0 +Linux: + PAM and LDAP headers are not installed by default on most Linux + systems. You will need to install the "pam-dev" package if + /usr/include/security/pam_appl.h is not present on your system. + If you wish to build with LDAP support you will also need the + openldap-devel package. + + Versions of glibc 2.x previous to 2.0.7 have a broken lsearch(). + You will need to either upgrade to glibc-2.0.7 or use sudo's + version of lsearch(). To use sudo's lsearch(), comment out + the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o + to the LIBOBJS line in the Makefile. + + If you are using a Linux kernel older than 2.4 it is not possible + to access the sudoers file via NFS. This is due to a bug in + the Linux client-side NFS implementation that has since been + fixed. There is a workaround on the sudo ftp site, linux_nfs.patch, + if you need to NFS-mount sudoers on older Linux kernels. Solaris 2.x: - You need to have a C compiler in order to build sudo. - Since Solaris 2.x does not come with one by default this - means that you either need to have purchased the unbundled Sun - C compiler or have a copy of the GNU C compiler (gcc). - The SunSoft Catalyst CD should contain gcc binaries for - Solaris. You can also get them from various places on the - net, including http://www.sunfreeware.com/ + You need to have a C compiler in order to build sudo. Since + Solaris 2.x does not come with one by default this means that + you either need to install the Sun Studio compiler suite, + available for free from www.sun.com, or have a copy of the GNU + C compiler (gcc) which is distributed on the Solaris Companion + CD. You can also get them from various places on the net, + including http://www.sunfreeware.com/ NOTE: sudo will *not* build with the sun C compiler in BSD compatibility mode (/usr/ucb/cc). Sudo is designed to compile with the standard C compiler (or gcc) and will @@ -674,36 +681,32 @@ Solaris 2.x: `--with-CC' option to point `configure' to the non-ucb compiler if it is not the first cc in your path. Some sites link /usr/ucb/cc to gcc; configure will not notice - this an still refuse to use /usr/ucb/cc, so make sure gcc + this and still refuse to use /usr/ucb/cc, so make sure gcc is also in your path if your site is setup this way. - Also: Many versions of Solaris come with a broken syslogd. + Also: Older versions of Solaris come with a broken syslogd. If you have having problems with sudo logging you should make sure you have the latest syslogd patch installed. This is a problem for Solaris 2.4 and 2.5 at least. -AIX 3.2.x: - I've had various problems with the AIX C compiler producing - incorrect code when the -O flag was used. When optimization - is not used, the problems go away. Gcc does not appear - to have this problem. +Mac OS X: + The pseudo-tty support in the Mac OS X kernel has bugs related + to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. + It does not restart reads and writes when those signals are + delivered. This may cause problems for some commands when I/O + logging is enabled. The issue has been reported to Apple and + is bug id #7952709. - Also, the AIX 3.2.x lex will not work with sudo's parse.lex. - This should not be a problem as sudo comes shipped with - a pre-generated lex.yy.c (created by flex). If you want - to modify the lex tokenizer, make sure you grab a copy of - flex from ftp.ee.lbl.gov (also available on most GNU mirrors) - and sudo will use that instead. +HP-UX: + The default C compiler shipped with HP-UX does not support + creating position independent code and so is unable to support + sudo's "noexec" functionality. You must use either the HP ANSI + C compiler or gcc for noexec to work. Binary packages of gcc + are available http://hpux.connect.org.uk/. -Ultrix 4.x: - Ultrix still ships with the 4.2BSD syslog(3) which does not - allow things like logging different facilities to different - files, redirecting logs to a single loghost and other niceties. - You may want to just grab and install: - ftp://gatekeeper.dec.com/pub/DEC/jtkohl-syslog-complete.tar.Z - (available via anonymous ftp) which is a port if the 4.3BSD - syslog/syslogd that is backwards compatible with the Ultrix version. - I recommend it highly. If you do not do this you probably want - to run configure with --with-logging=file + To prevent PAM from overriding the value of umask on HP-UX 11, + you will need to add a line like the following to /etc/pam.conf: + + sudo session required libpam_hpsec.so.1 bypass_umask Digital UNIX: By default, sudo will use SIA (Security Integration Architecture) @@ -722,59 +725,35 @@ Digital UNIX: you can just make a copy in gcc's private include tree and edit that. -Linux: - PAM and LDAP headers are not installed by default on most Linux - systems. You will need to install the "pav-dev" package if - /usr/include/security/pam_appl.h is not present on your system. - If you wish to build with LDAP support you will also need the - openldap-devel package. - - Versions of glibc 2.x previous to 2.0.7 have a broken lsearch(). - You will need to either upgrade to glibc-2.0.7 or use sudo's - version of lsearch(). To use sudo's lsearch(), comment out - the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o - to the LIBOBJS line in the Makefile. - - If you are using a Linux kernel older than 2.4 it is not possible - to access the sudoers file via NFS. This is due to a bug in - the Linux client-side NFS implementation that has since been - fixed. There is a workaround on the sudo ftp site, linux_nfs.patch, - if you need to NFS-mount sudoers on older Linux kernels. - -Mac OS X: - It has been reported that for sudo to work on Mac OS X it must - either be built with the --with-password-timeout=0 option or the - password timeout must be disabled in the Defaults line in the - sudoers file. If sudo just hangs when you try to enter a password, - you need to disable the password timeout (Note: this is not a bug - in sudo). +AIX 3.2.x: + I've had various problems with the AIX C compiler producing + incorrect code when the -O flag was used. When optimization + is not used, the problems go away. Gcc does not appear + to have this problem. SCO ODT: You'll probably need libcrypt_i.a available via anonymous ftp from sosco.sco.com. The necessary files are /SLS/lng225b.Z and /SLS/lng225b.ltr.Z. -Dynix: - Some people have experienced problems building sudo with gcc - on Dynix. If you experience problems compiling sudo using gcc - on Dynix, try using the native compiler (cc). You can do so - by removing the config.cache file and then re-running configure - with the --with-CC=cc option. - -HP-UX: - The default C compiler shipped with HP-UX does not support creating - position independent code and so is unable to support sudo's "noexec" - functionality. You must use either the HP ANSI C compiler or gcc for - noexec to work. Binary packages of gcc are available from - http://hpux.connect.org.uk/ and http://hpux.cs.utah.edu/. - - To prevent PAM from overriding the value of umask on HP-UX 11, - you will need to add a line like the following to /etc/pam.conf: - - sudo session required libpam_hpsec.so.1 bypass_umask - SunOS 4.x: The /bin/sh shipped with SunOS blows up while running configure. - You can work around this by installalling bash or zsh. If you + You can work around this by installing bash or zsh. If you have bash or zsh in your path, configure will use it instead automatically. + +ULTRIX 4.x: + The /bin/sh shipped with ULTRIX blows up while running configure. + You can work around this by installing bash or zsh. If you + have bash or zsh in your path, configure will use it instead + automatically. + + ULTRIX ships with the 4.2BSD syslog(3) which does not + allow things like logging different facilities to different + files, redirecting logs to a single loghost and other niceties. + You may want to just grab and install: + ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz + (available via anonymous ftp) which is a port if the 4.3BSD + syslog/syslogd that is backwards compatible with the Ultrix version. + I recommend it highly. If you do not do this you probably want + to run configure with --with-logging=file