mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 14:25:15 +00:00
Code Issues Releases Wiki Activity

Make it clear which configure options take arguments.

Browse Source
This commit is contained in:
Todd C. Miller
2002-02-22 03:23:05 +00:00
parent d1bb1bc099
commit 1c23b1b68a
1 changed files with 101 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
INSTALL
View File

@@ -105,25 +105,28 @@ Directory and file names:
Find the sources in DIR [configure dir or ..] Find the sources in DIR [configure dir or ..]
Special features/options: Special features/options:
--with-CC=path --with-CC=PATH
Specifies path to C compiler you wish to use. Specifies path to C compiler you wish to use.
--with-incpath --with-incpath=DIR
Adds the specified directories to CPPFLAGS so configure and the Adds the specified directory (or directories) to CPPFLAGS
compiler will look there for include files. Multiple directories so configure and the compiler will look there for include
may be specified as long as they are space separated. files. Multiple directories may be specified as long as
they are space separated.
Eg: --with-incpath="/usr/local/include /opt/include" Eg: --with-incpath="/usr/local/include /opt/include"
--with-libpath --with-libpath=DIR
Adds the specified directories to SUDO_LDFLAGS and VISUDO_LDFLAGS so Adds the specified directory (or directories_ to SUDO_LDFLAGS
configure and the compiler will look there for libraries. Multiple and VISUDO_LDFLAGS so configure and the compiler will look
directories may be specified as with --with-incpath. there for libraries. Multiple directories may be specified
as with --with-incpath.
--with-libraries --with-libraries=LIBRARY
Adds the specified libaries to SUDO_LIBS and and VISUDO_LIBS so sudo Adds the specified library (or libaries) to SUDO_LIBS and
will link against them. If the library doesn't start with `-l' or end and VISUDO_LIBS so sudo will link against them. If the
in `.a' or `.o' a `-l' will be prepended to it. Multiple libraries may library doesn't start with `-l' or end in `.a' or `.o' a
be specified as long as they are space separated. `-l' will be prepended to it. Multiple libraries may be
specified as long as they are space separated.
--with-csops --with-csops
Add CSOps standard options. You probably aren't interested in this. Add CSOps standard options. You probably aren't interested in this.
@@ -134,11 +137,11 @@ Special features/options:
--with-opie --with-opie
Enable NRL OPIE OTP (One Time Password) support. Enable NRL OPIE OTP (One Time Password) support.
--with-SecurID=DIR --with-SecurID[=DIR]
Enable SecurID support. If specified, DIR is directory containing Enable SecurID support. If specified, DIR is directory containing
sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h. sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
--with-fwtk=DIR --with-fwtk[=DIR]
Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
DIR is the base directory containing the compiled FWTK package DIR is the base directory containing the compiled FWTK package
(or at least the library and header files). (or at least the library and header files).
@@ -197,12 +200,11 @@ Special features/options:
--with-bsdauth --with-bsdauth
Enable support for BSD authentication on BSD/OS and OpenBSD. Enable support for BSD authentication on BSD/OS and OpenBSD.
This option assumes --with-logincap as well. It is not This option implies --with-logincap. It is not possible
possible to mix BSD authentication with other authentication to mix BSD authentication with other authentication methods
methods (and there really should be no need to do so). Note (and there really should be no need to do so). Note that
that only the newer BSD authentication API is supported. only the newer BSD authentication API is supported. If you
If you don't have /usr/include/bsd_auth.h then you cannot don't have /usr/include/bsd_auth.h then you cannot use this.
use this.
--disable-root-mailer --disable-root-mailer
By default sudo will run the mailer as root when tattling By default sudo will run the mailer as root when tattling
@@ -211,37 +213,40 @@ Special features/options:
user which some people consider to be safer. user which some people consider to be safer.
--disable-saved-ids --disable-saved-ids
Disable use of POSIX saved IDs. Normally, sudo will try to Disable use of POSIX saved IDs. Normally, sudo will try
use POSIX saved IDs if they are supported. However, some to use POSIX saved IDs if they are supported. However,
implementations are broken. some implementations are broken.
--disable-setreuid --disable-setreuid
Disable use of the setreuid() function for operating systems Disable use of the setreuid() function for operating systems
where it is broken. 4.4BSD has setreuid() but it doesn't really work. where it is broken. 4.4BSD has setreuid() but it doesn't
really work.
--disable-sia --disable-sia
Disable SIA support. This is the "Security Integration Architecture" Disable SIA support. This is the "Security Integration
on Digital UNIX. If you disable SIA sudo will use its own Architecture" on Digital UNIX. If you disable SIA sudo will
authentication routines. use its own authentication routines.
--disable-shadow --disable-shadow
Disable shadow password support. Normally, sudo will compile in shadow Disable shadow password support. Normally, sudo will compile
password support and use a shadow password if it exists. in shadow password support and use a shadow password if it
exists.
--with-sudoers-mode=mode --with-sudoers-mode=MODE
File mode for the sudoers file (octal). Note that if you wish to File mode for the sudoers file (octal). Note that if you
NFS-mount the sudoers file this must be group readable. Also note wish to NFS-mount the sudoers file this must be group
that this is actually set in the Makefile. The default mode is 0440. readable. Also note that this is actually set in the
Makefile. The default mode is 0440.
--with-sudoers-uid --with-sudoers-uid=UID
User id that "owns" the sudoers file. Note that this is the numeric User id that "owns" the sudoers file. Note that this is
id, *not* the symbolic name. Also note that this is actually set in the numeric id, *not* the symbolic name. Also note that
the Makefile. The default is 0. this is actually set in the Makefile. The default is 0.
--with-sudoers-gid --with-sudoers-gid=GID
Group id that "owns" the sudoers file. Note that this is the numeric Group id that "owns" the sudoers file. Note that this is
id, *not* the symbolic name. Also note that this is actually set in the numeric id, *not* the symbolic name. Also note that
the Makefile. The default is 0. this is actually set in the Makefile. The default is 0.
--with-execv --with-execv
Use execv() to exec the command instead of execvp(). I can't think of Use execv() to exec the command instead of execvp(). I can't think of
@@ -252,15 +257,16 @@ Special features/options:
4.3BSD). This is off by default. 4.3BSD). This is off by default.
--without-interfaces --without-interfaces
This option keeps sudo from trying to glean the ip address from each This option keeps sudo from trying to glean the ip address
attached ethernet interface. It is only useful on a machine where from each attached ethernet interface. It is only useful
sudo's interface reading support does not work, which may be the case on a machine where sudo's interface reading support does
on some SysV-based OS's using STREAMS. not work, which may be the case on some SysV-based OS's
using STREAMS.
--without-passwd --without-passwd
This option excludes authentication via the passwd (or shadow) file. This option excludes authentication via the passwd (or
It should only be used when another, alternate, authentication shadow) file. It should only be used when another, alternate,
scheme is in use. authentication scheme is in use.
--with-otp-only --with-otp-only
This option is now just an alias for --without-passwd. This option is now just an alias for --without-passwd.
@@ -268,40 +274,43 @@ Special features/options:
The following options are also configurable at runtime: The following options are also configurable at runtime:
--with-long-otp-prompt --with-long-otp-prompt
When validating with a One Time Password scheme (S/Key or OPIE), a When validating with a One Time Password scheme (S/Key or
two-line prompt is used to make it easier to cut and paste the OPIE), a two-line prompt is used to make it easier to cut
challenge to a local window. It's not as pretty as the default but and paste the challenge to a local window. It's not as
some people find it more convenient. pretty as the default but some people find it more convenient.
--with-logging=TYPE --with-logging=TYPE
How you want to do your logging. You may choose "syslog", "file", How you want to do your logging. You may choose "syslog",
or "both". Setting this to "syslog" is nice because you can keep all "file", or "both". Setting this to "syslog" is nice because
of your sudo logs in one place (see the sample.syslog.conf file). you can keep all of your sudo logs in one place (see the
The default is "syslog". sample.syslog.conf file). The default is "syslog".
--with-logfac=FACILITY --with-logfac=FACILITY
Determines which syslog facility to log to. This requires a 4.3BSD Determines which syslog facility to log to. This requires
or later version of syslog. You can still set this for ancient a 4.3BSD or later version of syslog. You can still set
syslogs but it will have no effect. The following facilities are this for ancient syslogs but it will have no effect. The
supported: authpriv (if your OS supports it), auth, daemon, user, following facilities are supported: authpriv (if your OS
local0, local1, local2, local3, local4, local5, local6, and local7. supports it), auth, daemon, user, local0, local1, local2,
local3, local4, local5, local6, and local7.
--with-goodpri=PRIORITY --with-goodpri=PRIORITY
Determines which syslog priority to log successfully authenticated Determines which syslog priority to log successfully
commands. The following priorities are supported: alert, crit, authenticated commands. The following priorities are
debug, emerg, err, info, notice, and warning. supported: alert, crit, debug, emerg, err, info, notice,
and warning.
--with-badpri=PRIORITY --with-badpri=PRIORITY
Determines which syslog priority to log unauthenticated commands Determines which syslog priority to log unauthenticated
and errors. The following priorities are supported: alert, crit, commands and errors. The following priorities are supported:
debug, emerg, err, info, notice, and warning. alert, crit, debug, emerg, err, info, notice, and warning.
--with-logpath=path --with-logpath=PATH
Override the default location of the sudo log file and use "path" Override the default location of the sudo log file and use
instead. By default will use /var/log/sudo.log if there is a /var/log "path" instead. By default will use /var/log/sudo.log if
dir, falling back to /var/adm/sudo.log or /usr/adm/sudo.log if not. there is a /var/log dir, falling back to /var/adm/sudo.log
or /usr/adm/sudo.log if not.
--with-loglen --with-loglen=NUMBER
Number of characters per line for the file log. This is only used if Number of characters per line for the file log. This is only used if
you are to "file" or "both". This value is used to decide when to wrap you are to "file" or "both". This value is used to decide when to wrap
lines for nicer log files. The default is 80. Setting this to 0 lines for nicer log files. The default is 80. Setting this to 0
@@ -311,11 +320,11 @@ The following options are also configurable at runtime:
If set, sudo will ignore '.' or '' (current dir) in $PATH. If set, sudo will ignore '.' or '' (current dir) in $PATH.
The $PATH itself is not modified. The $PATH itself is not modified.
--with-mailto --with-mailto=USER|MAIL_ALIAS
User that mail from sudo is sent to. This should go to a sysadmin at User (or mail alias) that mail from sudo is sent to.
your site. The default is "root". This should go to a sysadmin at your site. The default is "root".
--with-mailsubject --with-mailsubject="SUBJECT OF MAIL"
Subject of the mail sent to the "mailto" user. The token "%h" Subject of the mail sent to the "mailto" user. The token "%h"
will expand to the hostname of the machine. will expand to the hostname of the machine.
Default is "*** SECURITY information for %h ***". Default is "*** SECURITY information for %h ***".
@@ -332,13 +341,13 @@ The following options are also configurable at runtime:
Send mail to the "alermail" user if the user is allowed to use sudo but Send mail to the "alermail" user if the user is allowed to use sudo but
the command they are trying is not listed in their sudoers file entry. the command they are trying is not listed in their sudoers file entry.
--with-passprompt --with-passprompt="PASSWORD PROMPT"
Default prompt to use when asking for a password; can be overridden Default prompt to use when asking for a password; can be overridden
via the -p option and the SUDO_PROMPT environment variable. Supports via the -p option and the SUDO_PROMPT environment variable. Supports
two escapes: "%u" expands to the user's login name and "%h" expands two escapes: "%u" expands to the user's login name and "%h" expands
to the local hostname. Default is "Password:". to the local hostname. Default is "Password:".
--with-badpass-message --with-badpass-message="BAD PASSWORD MESSAGE"
Message that is displayed if a user enters an incorrect password. Message that is displayed if a user enters an incorrect password.
The default is "Sorry, try again." unless insults are turned on. The default is "Sorry, try again." unless insults are turned on.
@@ -352,42 +361,42 @@ The following options are also configurable at runtime:
a host alias (CNAME entry) due to performance issues and the fact that a host alias (CNAME entry) due to performance issues and the fact that
there is no way to get all aliases from DNS. there is no way to get all aliases from DNS.
--with-timedir=path --with-timedir=PATH
Override the default location of the sudo timestamp directory and Override the default location of the sudo timestamp directory and
use "path" instead. use "path" instead.
--with-sendmail=path --with-sendmail=PATH
Override configure's guess as to the location of sendmail. Override configure's guess as to the location of sendmail.
--without-sendmail --without-sendmail
Do not use sendmail to mail messages to the "mailto" user. Do not use sendmail to mail messages to the "mailto" user.
Use only if don't run sendmail or the equivalent. Use only if don't run sendmail or the equivalent.
--with-umask --with-umask=MASK
Umask to use when running the root command. The default is 0022. Umask to use when running the root command. The default is 0022.
--without-umask --without-umask
Preserves the umask of the user invoking sudo. Preserves the umask of the user invoking sudo.
--with-runas-default=user --with-runas-default=USER
The default user to run commands as if the -u flag is not specified The default user to run commands as if the -u flag is not specified
on the command line. This defaults to "root". on the command line. This defaults to "root".
--with-exempt=group --with-exempt=GROUP
Users in the specified group don't need to enter a password when Users in the specified group don't need to enter a password when
running sudo. This may be useful for sites that don't want their running sudo. This may be useful for sites that don't want their
"core" sysadmins to have to enter a password but where Jr. sysadmins "core" sysadmins to have to enter a password but where Jr. sysadmins
need to. You should probably use NOPASSWD in sudoers instead. need to. You should probably use NOPASSWD in sudoers instead.
--with-passwd-tries=tries --with-passwd-tries=NUMBER
Number of tries a user gets to enter his/her password before sudo logs Number of tries a user gets to enter his/her password before sudo logs
the failure and exits. The default is 3. the failure and exits. The default is 3.
--with-timeout=minutes --with-timeout=NUMBER
Number of minutes that can elapse before sudo will ask for a passwd Number of minutes that can elapse before sudo will ask for a passwd
again. The default is 5, set this to 0 to always prompt for a password. again. The default is 5, set this to 0 to always prompt for a password.
--with-password-timeout=minutes --with-password-timeout=NUMBER
Number of minutes before the sudo password prompt times out. Number of minutes before the sudo password prompt times out.
The default is 5, set this to 0 for no password timeout. The default is 5, set this to 0 for no password timeout.
@@ -429,7 +438,7 @@ The following options are also configurable at runtime:
password is entered. You must either specify --with-insults or password is entered. You must either specify --with-insults or
enable insults in the sudoers file for this to have any effect. enable insults in the sudoers file for this to have any effect.
--with-secure-path[=path] --with-secure-path[=PATH]
Path used for every command run from sudo(8). If you don't trust the Path used for every command run from sudo(8). If you don't trust the
people running sudo to have a sane PATH environment variable you may people running sudo to have a sane PATH environment variable you may
want to use this. Another use is if you want to have the "root path" want to use this. Another use is if you want to have the "root path"
@@ -441,7 +450,7 @@ The following options are also configurable at runtime:
--without-lecture --without-lecture
Don't print the lecture the first time a user runs sudo. Don't print the lecture the first time a user runs sudo.
--with-editor=path --with-editor=PATH
Specify the default editor path for use by visudo. This may be Specify the default editor path for use by visudo. This may be
a single pathname or a colon-separated list of editors. In a single pathname or a colon-separated list of editors. In
the latter case, visudo will choose the editor that matches the latter case, visudo will choose the editor that matches