| version 1.6, 2000/11/21 17:58:43 |
version 1.6.2.1, 2002/01/18 17:20:22 |
|
|
| Installation instructions for Sudo 1.6.3 |
Installation instructions for Sudo 1.6.5 |
| ======================================== |
======================================== |
| |
|
| Sudo uses a `configure' script to probe the capabilities and type |
Sudo uses a `configure' script to probe the capabilities and type |
|
|
| building sudo. Before you actually run configure you |
building sudo. Before you actually run configure you |
| should read the `Available configure options' section |
should read the `Available configure options' section |
| to see if there are any special options you may want |
to see if there are any special options you may want |
| or need. Also of interest may be the section on |
or need. |
| `Mixing password authentication schemes'. |
|
| |
|
| 4) Edit the configure-generated Makefile if you wish to |
4) Edit the configure-generated Makefile if you wish to |
| change any of the default paths (alternately you could |
change any of the default paths (alternately you could |
|
|
| --cache-file=FILE |
--cache-file=FILE |
| Cache test results in FILE |
Cache test results in FILE |
| |
|
| --help |
--config-cache, -C |
| |
Alias for `--cache-file=config.cache' |
| |
|
| |
--help, -h |
| Print the usage/help info |
Print the usage/help info |
| |
|
| --no-create |
--no-create, -n |
| Do not create output files |
Do not create output files |
| |
|
| --quiet, --silent |
--quiet, --silent, -q |
| Do not print `checking...' messages |
Do not print `checking...' messages |
| |
|
| Directory and file names: |
Directory and file names: |
|
|
| command line. |
command line. |
| |
|
| --with-bsdauth |
--with-bsdauth |
| Enable support for BSD authentication on BSD/OS. This option |
Enable support for BSD authentication on BSD/OS and OpenBSD. |
| assumes --with-logincap as well. It is not possible to mix |
This option assumes --with-logincap as well. It is not |
| BSD authentication with other authentication methods (and there |
possible to mix BSD authentication with other authentication |
| really should be no need to do so). Note that only the newer |
methods (and there really should be no need to do so). Note |
| BSD authentication API is supported. If you don't have |
that only the newer BSD authentication API is supported. |
| /usr/include/bsd_auth.h then you cannot use this. |
If you don't have /usr/include/bsd_auth.h then you cannot |
| |
use this. |
| |
|
| |
--disable-root-mailer |
| |
By default sudo will run the mailer as root when tattling |
| |
on a user so as to prevent that user from killing the mailer. |
| |
With this option, sudo will run the mailer as the invoking |
| |
user which some people consider to be safer. |
| |
|
| |
--disable-saved-ids |
| |
Disable use of POSIX saved IDs. Normally, sudo will try to |
| |
use POSIX saved IDs if they are supported. However, some |
| |
implementations are broken. If sudo aborts with an error like: |
| |
"seteuid(0): Operation not permitted" |
| |
you probably need to disable POSIX saved ID support. |
| |
|
| --disable-sia |
--disable-sia |
| Disable SIA support. This is the "Security Integration Architecture" |
Disable SIA support. This is the "Security Integration Architecture" |
| on Digital UNIX. If you disable SIA sudo will use its own |
on Digital UNIX. If you disable SIA sudo will use its own |
|
|
| on some SysV-based OS's using STREAMS. |
on some SysV-based OS's using STREAMS. |
| |
|
| --without-passwd |
--without-passwd |
| This option authentication via the passwd (or shadow) file. |
This option excludes authentication via the passwd (or shadow) file. |
| It should only be used when another, alternate, authentication |
It should only be used when another, alternate, authentication |
| scheme is in use. |
scheme is in use. |
| |
|
|
|
| --with-logging=TYPE |
--with-logging=TYPE |
| How you want to do your logging. You may choose "syslog", "file", |
How you want to do your logging. You may choose "syslog", "file", |
| or "both". Setting this to "syslog" is nice because you can keep all |
or "both". Setting this to "syslog" is nice because you can keep all |
| of your sudo logs in one place (see the FAQ). The default is "syslog". |
of your sudo logs in one place (see the sample.syslog.conf file). |
| |
The default is "syslog". |
| |
|
| --with-logfac=FACILITY |
--with-logfac=FACILITY |
| Determines which syslog facility to log to. This requires a 4.3BSD |
Determines which syslog facility to log to. This requires a 4.3BSD |
|
|
| just like the original sudo(8). This is off by default. |
just like the original sudo(8). This is off by default. |
| |
|
| --with-all-insults |
--with-all-insults |
| Include all the insult sets listed below. |
Include all the insult sets listed below. You must either specify |
| |
--with-insults or enable insults in the sudoers file for this to |
| |
have any effect. |
| |
|
| --with-classic-insults |
--with-classic-insults |
| Uses insults from sudo "classic." If you just specify --with-insults |
Uses insults from sudo "classic." If you just specify --with-insults |
|
|
| |
|
| --with-hal-insults |
--with-hal-insults |
| Uses 2001-like insults when an incorrect password is entered. |
Uses 2001-like insults when an incorrect password is entered. |
| You must specify --with-insults as well for this to have any effect. |
You must either specify --with-insults or enable insults in the |
| |
sudoers file for this to have any effect. |
| |
|
| --with-goons-insults |
--with-goons-insults |
| Insults the user with lines from the "Goon Show" when an incorrect |
Insults the user with lines from the "Goon Show" when an incorrect |
| password is entered. You must specify --with-insults as well for |
password is entered. You must either specify --with-insults or |
| this to have any effect. |
enable insults in the sudoers file for this to have any effect. |
| |
|
| --with-secure-path[=path] |
--with-secure-path[=path] |
| Path used for every command run from sudo(8). If you don't trust the |
Path used for every command run from sudo(8). If you don't trust the |
|
|
| Don't print the lecture the first time a user runs sudo. |
Don't print the lecture the first time a user runs sudo. |
| |
|
| --with-editor=path |
--with-editor=path |
| Specify the default editor used by visudo (and the only editor used |
Specify the default editor path for use by visudo. This may be |
| unless --with-env-editor is specified). The default is the path |
a single pathname or a colon-separated list of editors. In |
| to vi on your system. |
the latter case, visudo will choose the editor that matches |
| |
the user's USER environment variable or the first editor in |
| |
the list that exists. The default is the path to vi on your system. |
| |
|
| --with-env-editor |
--with-env-editor |
| Makes visudo consult the EDITOR and VISUAL environment variables before |
Makes visudo consult the EDITOR and VISUAL environment variables before |
| falling back on the default editor. Note that this may create a |
falling back on the default editor list (as specified by --with-editor). |
| security hole as most editors allow a user to get a shell (which would |
Note that this may create a security hole as it allows the user to |
| be a root shell and hence, no logging). |
run any arbitrary command as root without logging. A safer alternative |
| |
is to use a colon-separated list of editors with the --with-env-editor |
| |
option. visudo will then only use the EDITOR or VISUAL if they match |
| |
a value specified via --with-editor. |
| |
|
| --disable-authentication |
--disable-authentication |
| By default, sudo requires the user to authenticate via a |
By default, sudo requires the user to authenticate via a |
|
|
| the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o |
the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o |
| to the LIBOBJS line in the Makefile. |
to the LIBOBJS line in the Makefile. |
| |
|
| It is not possible to access the sudoers file via NFS on Linux. |
If you are using a Linux kernel older than 2.4 it is not possible |
| This is due to a bug in the Linux client-side NFS implementation. |
to access the sudoers file via NFS. This is due to a bug in |
| It has been fixed in the developement kernel but, as of Aug 27, |
the Linux client-side NFS implementation that has since been |
| 1999, the fixes have not made it into the mainstream kernel. |
fixed. There is a workaround on the sudo ftp site, linux_nfs.patch, |
| There is a workaround on the sudo ftp site, linux_nfs.patch, |
if you need to NFS-mount sudoers on older Linux kernels. |
| if you need to NFS-mount sudoers on Linux. |
|
| |
|
| Mac OS X: |
Mac OS X: |
| It has been reported that for sudo to work on Mac OS X it must |
It has been reported that for sudo to work on Mac OS X it must |
![[BACK]](/icons/back.gif){kind=icon}
Return to INSTALL CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo