1993-11-27 23:48:09 +00:00
|
|
|
INSTALL NOTES
|
|
|
|
|
|
1994-06-24 23:45:07 +00:00
|
|
|
0) Run the configure script, ie: "./configure". See the SUPPORTED file
|
1994-03-12 21:19:12 +00:00
|
|
|
for a list of OS's sudo is known to work on. Configure will generate
|
1994-03-12 19:11:14 +00:00
|
|
|
config.h, pathnames.h, Makefile and visudoers/Makefile. You shouldn't
|
|
|
|
|
need to hand-edit the Makefiles but if you don't like configure's choice
|
|
|
|
|
of C compiler, yacc or lex programs you may want to. You can also
|
|
|
|
|
use the --prefix flag to configure to install sudo/visudo in a place
|
|
|
|
|
other than /usr/local (ie: --prefix=/opt).
|
1993-12-07 06:33:16 +00:00
|
|
|
|
1995-03-29 13:20:13 +00:00
|
|
|
BEWARE: configure caches values in config.cache. This will cause
|
|
|
|
|
problems if you are building for different architectures. You
|
|
|
|
|
*must* do a "make realclean" to remove the configure-generated
|
|
|
|
|
files betweem builds in this case. Basically, you should do a
|
|
|
|
|
"make realclean" before you run configure each time.
|
|
|
|
|
|
1994-06-24 23:45:07 +00:00
|
|
|
NOTE: if you use C2 security you need to use the --with-C2 flag to
|
1995-03-30 02:46:22 +00:00
|
|
|
configure. Currently this only affects SunOS 4.x, hpux 9.x, ultrix 4.x,
|
|
|
|
|
Digital UNIX and ConvexOS with C2 security. For hpux only, you can use
|
|
|
|
|
--with-C2 if you are expecting to migrate to C2 security later but it
|
|
|
|
|
makes password lookups about twice as slow.
|
1994-06-24 23:45:07 +00:00
|
|
|
|
1994-07-14 16:34:26 +00:00
|
|
|
NOTE2: if you use AFS, you need to run configure with --with-AFS
|
|
|
|
|
|
1995-06-07 02:44:43 +00:00
|
|
|
NOTE3: if you use kerberos version 4 you need to run configure
|
|
|
|
|
with --with-kerb4. This has only been tested with the Cygnus
|
|
|
|
|
kerberos package (CNS) but should work for vanilla kerberos too.
|
|
|
|
|
|
1995-03-29 00:57:11 +00:00
|
|
|
1) Read the OPTIONS file and then edit options.h to enable/disable the
|
|
|
|
|
options you may or may not want. You should not have to edit
|
|
|
|
|
sudo.h or config.h.
|
1993-12-07 06:33:16 +00:00
|
|
|
|
1994-03-12 19:11:14 +00:00
|
|
|
2) Type make. If configure did its job correctly there won't be any
|
|
|
|
|
problems. If this doesn't work, take a look at the file PORTING for
|
|
|
|
|
tips on what might have gone wrong. Please mail us if you have a
|
|
|
|
|
fix or if you are unable to come up with a fix (address at EOF).
|
1994-01-31 06:50:45 +00:00
|
|
|
|
|
|
|
|
3) Do a make install (as root) to install sudo. If you get an error
|
|
|
|
|
about setuid(0) failing, something went wrong with the install and
|
1993-12-07 06:33:16 +00:00
|
|
|
the permissions on sudo are wrong. Sudo needs to run setuid root.
|
|
|
|
|
If you get this message, chances are it's not running setuid root.
|
|
|
|
|
|
|
|
|
|
You can also install various pieces the package via install-binaries,
|
|
|
|
|
install-man, install-sudoers.
|
|
|
|
|
|
1994-02-10 18:50:34 +00:00
|
|
|
4) Customize /etc/sudoers for your site. Read the man page and take a
|
|
|
|
|
look at sample.sudoers to see how to do this.
|
|
|
|
|
|
|
|
|
|
5) You're done.
|
1993-12-07 06:33:16 +00:00
|
|
|
|
|
|
|
|
A few notes:
|
|
|
|
|
|
1994-07-25 22:24:53 +00:00
|
|
|
a) To use syslog with the ultrix version you may want to grab
|
1993-12-07 06:33:16 +00:00
|
|
|
and install pub/DEC/jtkohl-syslog-complete.tar.Z available from
|
1994-07-25 22:24:53 +00:00
|
|
|
gatekeeper.dec.com via anonymous ftp. If you don't I'd suggest
|
1994-07-25 22:37:22 +00:00
|
|
|
logging to a separate file rather than using the 4.2BSD syslog()
|
1994-07-25 22:24:53 +00:00
|
|
|
that comes with ultrix. The jtkohl syslog is a nice port of the
|
|
|
|
|
4.3 syslogd that is backwards compatible with the ultrix version.
|
|
|
|
|
I recommend it highly.
|
1993-12-07 06:33:16 +00:00
|
|
|
|
1994-01-31 06:50:45 +00:00
|
|
|
b) visudo will *NOT* use the editor referred to by the EDITOR or
|
|
|
|
|
VISUAL environmental variables unless you define ENV_EDITOR in
|
1994-03-12 19:11:14 +00:00
|
|
|
sudo.h. I like the feature, but it can be a security hole
|
1994-01-31 06:50:45 +00:00
|
|
|
if you don't know about it. If you have EDITOR set to something
|
1993-12-07 06:33:16 +00:00
|
|
|
secure (ie: no shells or external commands) in the Makefile or
|
1994-01-31 06:50:45 +00:00
|
|
|
sudo.h you don't want to define ENV_EDITOR. Note that vi (the default
|
|
|
|
|
editor) is anything *but* secure in this respect (and no, setting the
|
|
|
|
|
editor to a wrapper that sets the SHELL envar to /bin/true does *not*
|
|
|
|
|
make vi secure--you can change your shell from within vi). If you
|
|
|
|
|
leave the default of vi, you really don't stand to lose anything by
|
|
|
|
|
defining ENV_EDITOR.
|
|
|
|
|
|
|
|
|
|
c) If you have a sense of humor you may want to define USE_INSULTS to
|
1993-12-07 06:33:16 +00:00
|
|
|
get the insults from the "old" sudo when you enter an incorrect
|
|
|
|
|
password. Beware, this feature causes some people to want to throw
|
|
|
|
|
their machine across the room and dash it to tiny pieces.
|
1994-02-09 03:55:12 +00:00
|
|
|
Sci fi fans may want to define HAL as well (see insults.h).
|
1993-11-28 00:46:01 +00:00
|
|
|
|
1994-07-07 18:37:23 +00:00
|
|
|
d) If you are *not* running sendmail or some other mailer, you should
|
|
|
|
|
comment out the MAILER #define in sudo.h.
|
|
|
|
|
|
1993-11-27 23:48:09 +00:00
|
|
|
Please send changes, bugs, security holes, and gripes to:
|
|
|
|
|
sudo-bugs@cs.colorado.edu
|
