Annotation of src/usr.bin/sudo/TROUBLESHOOTING, Revision 1.1
1.1 ! millert 1: FAQ and troubleshooting tips for Sudo
! 2: =====================================
! 3:
! 4: Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
! 5: and sudo quits.
! 6: A) Sudo must be setuid root to do its work. You need to do something like
! 7: `chmod 4111 /usr/local/bin/sudo'. Also, the filesystem sudo resides
! 8: on must *not* be mounted with the nosuid mount option or sudo will
! 9: not be able to work. Another possibility is you may have '.' in
! 10: your $PATH before the directory containing sudo. If you are going
! 11: to have '.' in your path you should make sure it is at the end.
! 12:
! 13: Q) Sudo is setup to log via syslog(3) but I'm not getting any log
! 14: messages.
! 15: A) Make sure you have an entry in your syslog.conf file to save
! 16: the sudo messages (see the sample.syslog.conf file). The default
! 17: log facility is local2 (changeable via configure). Don't forget
! 18: to send a SIGHUP to your syslogd so that it re-reads its conf file.
! 19: Also, remember that syslogd does *not* create log files, you need to
! 20: create the file before syslogd will log to it (ie: touch /var/log/sudo).
! 21: Note: the facility ("local2.debug") must be separated from the
! 22: destination ("/var/adm/sudo.log" or "@loghost") by
! 23: tabs, *not* spaces. This is a common error.
! 24:
! 25: Q) When sudo asks me for my password it never accepts what I enter even
! 26: though I know I entered my password correctly.
! 27: A) If your system uses shadow passwords, it is possible that sudo
! 28: didn't detect this. Take a look at the generated config.h file
! 29: and verify that the C function used for shadow password lookups
! 30: was detected. For instance, for SVR4-style shadow passwords,
! 31: HAVE_GETSPNAM should be defined (you can search for the string
! 32: "shadow passwords" in config.h with your editor). Note that
! 33: there is no define for 4.4BSD-based shadow passwords since that
! 34: just uses the standard getpw* routines.
! 35:
! 36: Q) I don't want the sudoers file in /etc, how can I specify where it
! 37: should go?
! 38: A) Use the --sysconfdir option to configure. Ie:
! 39: configure --sysconfdir=/dir/you/want/sudoers/in
! 40:
! 41: Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a
! 42: copy on each machine?
! 43: A) There is no support for making an NIS/NIS+ map/table out of
! 44: the sudoers file at this time. A good way to distribute the
! 45: sudoers file is via rdist(1). It is also possible to NFS-mount
! 46: the sudoers file.
! 47:
! 48: Q) I don't run sendmail on my machine. Does this mean that I cannot
! 49: use sudo?
! 50: A) No, you just need to run use the --without-sendmail argument to configure
! 51: or add "!mailerpath" to the Defaults line in /etc/sudoers.
! 52:
! 53: Q) When I run visudo it uses vi as the editor and I hate vi. How
! 54: can I make it use another editor?
! 55: A) Your best bet is to run configure with the --with-env-editor switch.
! 56: This will make visudo use the editor specified by the user's
! 57: EDITOR environment variable. Alternately, you can run configure
! 58: with the --with-editor=/path/to/another/editor.
! 59:
! 60: Q) Sudo appears to be removing some variables from my environment, why?
! 61: A) Sudo removes the following "dangerous" environment variables
! 62: to guard against shared library spoofing, shell voodoo, and
! 63: kerberos server spoofing.
! 64: IFS
! 65: LOCALDOMAIN
! 66: RES_OPTIONS
! 67: HOSTALIASES
! 68: ENV
! 69: BASH_ENV
! 70: LD_*
! 71: _RLD_*
! 72: SHLIB_PATH (HP-UX only)
! 73: LIB_PATH (AIX only)
! 74: KRB_CONF (kerb4 only)
! 75: KRB5_CONFIG (kerb5 only)
! 76:
! 77: Q) How can I keep sudo from asking for a password?
! 78: A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD'
! 79: tag right before the command list in sudoers. See the sudoers man page
! 80: and sample.sudoers for details. To disable passwords completely,
! 81: run configure with the --without-passwd option or add "!authenticate"
! 82: to the Defaults line in /etc/sudoers. You can also turn off authentication
! 83: on a per-user or per-host basis using a user or host-specific Defaults
! 84: entry in sudoers.
! 85:
! 86: Q) When I run configure, it dies with the following error:
! 87: "no acceptable cc found in $PATH".
! 88: A) /usr/ucb/cc was the only C compiler that configure could find.
! 89: You need to tell configure the path to the "real" C compiler
! 90: via the --with-CC option. On Solaris, the path is probably
! 91: something like "/opt/SUNWspro/SC4.0/bin/cc". If you have gcc
! 92: that will also work.
! 93:
! 94: Q) When I run configure, it dies with the following error:
! 95: Fatal Error: config.cache exists from another platform!
! 96: Please remove it and re-run configure.
! 97: A) configure caches the results of its tests in a file called
! 98: config.cache to make re-running configure speedy. However,
! 99: if you are building sudo for a different platform the results
! 100: in config.cache will be wrong so you need to remove config.cache.
! 101: You can do this by "rm config.cache" or "make realclean".
! 102: Note that "make realclean" will also remove any object files
! 103: and configure temp files that are laying around as well.
! 104:
! 105: Q) I built sudo on a Solaris >= 2.6 machine but the resulting binary
! 106: doesn't work on Solaris <= 2.5.1. Why?
! 107: A) Starting with Solaris 2.6, snprintf(3) is included in the standard
! 108: C library. To build a version of sudo on a >= 2.6 machine that
! 109: will run on a <= 2.5.1 machine, edit config.h and comment out the lines:
! 110: #define HAVE_SNPRINTF 1
! 111: #define HAVE_VSNPRINTF 1
! 112: and run make.
! 113:
! 114: Q) When I run "visudo" it says "sudoers file busy, try again later."
! 115: and doesn't do anything.
! 116: A) Someone else is currently editing the sudoers file with visudo.
! 117:
! 118: Q) When I try to use "cd" with sudo it says "cd: command not found".
! 119: A) "cd" is a shell builtin, you can't run it as a command since
! 120: a child process (sudo) cannot affect the current working directory
! 121: of the parent (your shell).
! 122:
! 123: Q) When I try to use "cd" with sudo the command completes without
! 124: errors but nothing happens.
! 125: A) Some SVR4-derived OS's include a /usr/bin/cd command for reasons
! 126: unfathomable. A "cd" command is totally useless since a child process
! 127: cannot affect the current working directory of the parent (your shell).
! 128:
! 129: Q) How do you pronounce `sudo'?
! 130: A) soo-doo (for superuser do).