From: Todd C. Miller Date: Sun, 13 Sep 1998 19:50:28 +0000 (+0000) Subject: Better description of new vs. old sudoers modes X-Git-Tag: SUDO_1_5_6~4 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9f3d9e1229abd6e090e00217afb90a31d3ff1cdb;p=sudo Better description of new vs. old sudoers modes fix some typos better description of /usr/ucb/cc gotchas on slowaris --- diff --git a/INSTALL b/INSTALL index dbd631e5e..02807f518 100644 --- a/INSTALL +++ b/INSTALL @@ -62,13 +62,13 @@ For most systems and configurations it is possible simply to: Notes on upgrading from an older release ======================================== -Sudo 1.5.6 expects the sudoers file to have different permissions -(mode 0440) and be owned by user and group 0. This differs from -version 1.4 and below which expected the sudoers file to be owned -by root and mode 0400. Doing a `make install' will set the sudoers -file to the new mode and group. If sudo 1.5.6 encounters a sudoers -file with the old permissions it will attempt to update it to the -new scheme. You cannot, however, use a sudoers file with the new +By default, sudo 1.5.6 expects the sudoers file to be mode 0440 and +to be owned by user and group 0. This differs from version 1.4 and +below which expected the sudoers file to be mode 0400 and to be +owned by root. Doing a `make install' will set the sudoers file +to the new mode and group. If sudo 1.5.6 encounters a sudoers file +with the old permissions it will attempt to update it to the new +scheme. You cannot, however, use a sudoers file with the new permissions with an old sudo binary. It is suggested that if have a means of distributing sudo you distribute the new binaries first, then the new sudoers file (or you can leave sudoers as is and sudo @@ -135,7 +135,7 @@ Special features/options: links with the standard kerberos v5 libraries as well as the v4 compatibility libraries. - --with-pam Enable PAM support. Tested on Readhat Linux 5.x + --with-pam Enable PAM support. Tested on Redhat Linux 5.x but may work on earlier versions too. Not tested on Solaris. @@ -206,7 +206,7 @@ Shadow passwords are supported on the following platforms: Solaris 2.x HP-UX 9.x and 10.x Ultrix 4.x - Digital UNIX 3.x amd 4.x + Digital UNIX 3.x and 4.x Irix 5.x and 6.x AIX 3.2.x ad 4.x ConvexOS with C2 security (not tested recently) @@ -251,11 +251,14 @@ Solaris 2.x: Solaris. You can also get them from various places on the net, including http://smc.vnet.net/solaris_2.5.html. NOTE: sudo will *not* build with the sun C compiler in BSD - compatibility mode (/usr/ucb/cc). Sudo is designed - to compile with the standard C compiler (or gcc) and - will not build correctly with /usr/ucb/cc. You can - use the `--with-CC' option to point `configure' to the - non-ucb compiler if it is not the first cc in your path. + compatibility mode (/usr/ucb/cc). Sudo is designed to + compile with the standard C compiler (or gcc) and will + not build correctly with /usr/ucb/cc. You can use the + `--with-CC' option to point `configure' to the non-ucb + compiler if it is not the first cc in your path. Some + sites link /usr/ucb/cc to gcc; configure will not notice + this an still refuse to use /usr/ucb/cc, so make sure gcc + is also in your path if your site is setup this way. Also: Many versions of Solaris come with a broken syslogd. If you have having problems with sudo logging you should make sure you have the latest syslogd patch installed. @@ -276,7 +279,7 @@ AIX 3.2.x: Ultrix 4.x: Ultrix still ships with the 4.2BSD syslog(3) which does not - allow things like logging different faclities to different + allow things like logging different facilities to different files, redirecting logs to a single loghost and other niceties. You may want to just grab and install: ftp://gatekeeper.dec.com/pub/DEC/jtkohl-syslog-complete.tar.Z @@ -305,7 +308,7 @@ Linux: scripts that lack the "#!/some/shell" header correctly. The workaround is to give all your scripts a proper header. - Versions of glibc previous to 2.0.7 have a broken lsearch(). + Versions of glibc 2.x previous to 2.0.7 have a broken lsearch(). You will need to either upgrade to glibc-2.0.7 or use sudo's version of lsearch(). To use sudo's lsearch(), comment out the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o @@ -318,3 +321,4 @@ SCO ODT: Please send changes, bugs, security holes, and gripes to: sudo-bugs@courtesan.com +But please read the `TROUBLESHOOTING' file first.