Annotation of src/usr.bin/sudo/UPGRADE, Revision 1.2
Notes on upgrading from an older release
========================================

o Upgrading from a version prior to 1.6.8:

    Prior to sudo 1.6.8, if /var/run did not exist, sudo would put
    the timestamp files in /tmp/.odus. As of sudo 1.6.8, the
    timestamp files will be placed in /var/adm/sudo or /usr/adm/sudo
    if there is no /var/run directory. This directory will be
    created if it does not already exist.

    Previously, a sudoers entry that explicitly prohibited running
    a command as a certain user did not override a previous entry
    allowing the same command. This has been fixed in sudo 1.6.8
    such that the last match is now used (as it is documented).
    Hopefully no one was depending on the previous (buggy) behavior.

o Upgrading from a version prior to 1.6:

    As of sudo 1.6, parsing of runas entries and the NOPASSWD tag
    has changed. Prior to 1.6, a runas specifier applied only to
    a single command directly following it. Likewise, the NOPASSWD
    tag only allowed the command directly following it to be run
    without a password. Starting with sudo 1.6, both the runas
    specifier and the NOPASSWD tag are "sticky" for an entire
    command list. So, given the following line in sudo < 1.6

        millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls

    millert would be able to run /usr/bin/whoami as user daemon
    without a password and /bin/ls as root with a password.

    As of sudo 1.6, the same line now means that millert is able
    to run both /usr/bin/whoami and /bin/ls as user daemon
    without a password. To expand on this, take the following
    example:

        millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \
            /sbin/dump

    millert can run /usr/bin/whoami as daemon and /bin/ls and
    /sbin/dump as root. No password need be given for any of these
    commands. In other words, the "(root)" sets the default runas
    user to root for the rest of the list. If we wanted to require
    a password for /bin/ls and /sbin/dump the line could be written
    thusly:

        millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \
            (root) PASSWD:/bin/ls, /sbin/dump
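
    As an added illustration (not part of the sudo UPGRADE notes or of
    the sudo source), the following Python models how one sudoers
    command list is read under the pre-1.6 and 1.6+ rules described
    above. The parser and its names are assumptions for demonstration
    only; it handles just the "(user)" runas specifier and the
    PASSWD/NOPASSWD tags, not the full sudoers grammar.

```python
import re

# Constructed examples: the three command lists discussed in these notes
# (the part of each sudoers line after "millert ALL=").
OLD_LINE = "(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls"
SECOND = "(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, /sbin/dump"
THIRD = "(daemon) NOPASSWD:/usr/bin/whoami, (root) PASSWD:/bin/ls, /sbin/dump"

_RUNAS = re.compile(r"\(([^)]+)\)\s*")        # "(daemon) "
_TAG = re.compile(r"(NOPASSWD|PASSWD):\s*")   # "NOPASSWD:"


def parse_cmnd_list(spec, sticky):
    """Return [(command, runas_user, password_required), ...] for one list.

    sticky=False models sudo < 1.6: a runas specifier and a NOPASSWD tag
    apply only to the command directly following them; every other
    command defaults to root with a password.
    sticky=True models sudo >= 1.6: both settings persist for the rest
    of the list until another specifier or tag overrides them.
    (Hypothetical helper written for this illustration.)
    """
    runas, needs_pw = "root", True            # sudo's built-in defaults
    result = []
    for item in spec.split(","):
        item = item.strip()
        item_runas = item_pw = None
        m = _RUNAS.match(item)
        if m:
            item_runas, item = m.group(1), item[m.end():]
        m = _TAG.match(item)
        if m:
            item_pw, item = (m.group(1) == "PASSWD"), item[m.end():]
        if sticky:
            # 1.6+: an explicit setting becomes the default for what follows
            runas = item_runas if item_runas is not None else runas
            needs_pw = item_pw if item_pw is not None else needs_pw
            result.append((item, runas, needs_pw))
        else:
            # < 1.6: settings are per command; unspecified means root + password
            result.append((item,
                           item_runas if item_runas is not None else "root",
                           item_pw if item_pw is not None else True))
    return result


if __name__ == "__main__":
    for label, sticky in (("sudo < 1.6 ", False), ("sudo >= 1.6", True)):
        print(label, parse_cmnd_list(OLD_LINE, sticky))
</test>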

    Additionally, sudo now uses a per-user timestamp directory
    instead of a timestamp file. This allows tty timestamps to
    simply be files within the user's timestamp dir. For the
    default, non-tty case, the timestamp on the directory itself
    is used.

    Also, the temporary file used by visudo is now /etc/sudoers.tmp
    since some versions of vipw on systems with shadow passwords use
    /etc/stmp for the temporary shadow file.

o Upgrading from a version prior to 1.5:

    By default, sudo expects the sudoers file to be mode 0440 and
    to be owned by user and group 0. This differs from version 1.4
    and below which expected the sudoers file to be mode 0400 and
    to be owned by root. Doing a `make install' will set the sudoers
    file to the new mode and group. If sudo encounters a sudoers
    file with the old permissions it will attempt to update it to
    the new scheme. You cannot, however, use a sudoers file with
    the new permissions with an old sudo binary. It is suggested
    that if you have a means of distributing sudo you distribute the
    new binaries first, then the new sudoers file (or you can leave
    sudoers as is and sudo will fix the permissions itself as long
    as sudoers is on a local file system).