From 3bd572ba80f8e65095a3fb643007b2937f275a4b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sun, 5 Dec 2021 21:02:04 -0700
Subject: [PATCH] Convert README and docs files to markdown.

This makes things look better on GitHub and we can use the markdown version directly in the new sudo web site.
---
 INSTALL | 1025 ------------------------
 INSTALL.md | 1025 ++++++++++++++++++++++++
 MANIFEST | 16 +-
 README | 84 --
 README.LDAP => README.LDAP.md | 115 +--
 README.md | 103 +++
 docs/CONTRIBUTING.md | 10 +-
 docs/{CONTRIBUTORS => CONTRIBUTORS.md} | 4 +-
 docs/{HISTORY => HISTORY.md} | 23 +-
 docs/LICENSE | 347 --------
 docs/LICENSE.md | 347 ++++++++
 docs/Makefile.in | 10 +-
 docs/TROUBLESHOOTING | 295 -------
 docs/TROUBLESHOOTING.md | 337 ++++++++
 docs/UPGRADE | 560 -------------
 docs/UPGRADE.md | 577 +++++++++++++
 etc/sudo-logsrvd.pp | 4 +-
 etc/sudo-python.pp | 4 +-
 etc/sudo.pp | 6 +-
 19 files changed, 2493 insertions(+), 2399 deletions(-)
 delete mode 100644 INSTALL
 create mode 100644 INSTALL.md
 delete mode 100644 README
 rename README.LDAP => README.LDAP.md (72%)
 create mode 100644 README.md
 rename docs/{CONTRIBUTORS => CONTRIBUTORS.md} (97%)
 rename docs/{HISTORY => HISTORY.md} (91%)
 delete mode 100644 docs/LICENSE
 create mode 100644 docs/LICENSE.md
 delete mode 100644 docs/TROUBLESHOOTING
 create mode 100644 docs/TROUBLESHOOTING.md
 delete mode 100644 docs/UPGRADE
 create mode 100644 docs/UPGRADE.md

diff --git a/INSTALL b/INSTALL
deleted file mode 100644
index 9f07fdd09..000000000
--- a/INSTALL
+++ /dev/null
@@ -1,1025 +0,0 @@ -Sudo installation instructions -============================== - -Sudo uses a `configure' script to probe the capabilities and type -of the system in question. In this release, `configure' takes many -more options than it did before. Please read this document fully -before configuring and building sudo. You may also wish to read the -file INSTALL.configure which explains more about the `configure' script. - -System requirements -=================== - -To build sudo from the source distribution you need a POSIX-compliant -operating system (any modern version of BSD, Linux or Unix should work), -an ANSI/ISO C compiler that supports the "long long" type, variadic -macros (a C99 feature) as well as the ar, make and ranlib utilities. - -If you wish to modify the parser then you will need flex version -2.5.2 or later and either bison or byacc (sudo comes with a -pre-generated parser). You'll also have to run configure with the ---with-devel option or pass DEVEL=1 to make. You can get flex from -http://flex.sourceforge.net/. You can get GNU bison from -ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. - -Simple sudo installation -======================== - -For most systems and configurations it is possible simply to: - - 0) If you are upgrading from a previous version of sudo - please read the info in the docs/UPGRADE file before proceeding. - - 1) Read the `OS dependent notes' section for any particular - "gotchas" relating to your operating system. - - 2) `cd' to the source or build directory and type `./configure' - to generate a Makefile and config.h file suitable for building - sudo. Before you actually run configure you should read the - `Available configure options' section to see if there are - any special options you may want or need. - - 4) Type `make' to compile sudo. If you are building sudo - in a separate build tree (apart from the sudo source) GNU - make will probably be required. 
If `configure' did its job - properly (and you have a supported configuration) there won't - be any problems. If this doesn't work, take a look at the - docs/TROUBLESHOOTING file for tips on what might have gone - wrong. Please mail us if you have a fix or if you are unable - to come up with a fix (address at EOF). - - 5) Type `make install' (as root) to install sudo, visudo, the - man pages, and a skeleton sudoers file. Note that the install - will not overwrite an existing sudoers file. You can also - install various pieces the package via the install-binaries, - install-doc, and install-sudoers make targets. - - 6) Edit the sudoers file with `visudo' as necessary for your - site. You will probably want to refer the example sudoers - file and sudoers man page included with the sudo package. - - 7) If you want to use syslogd(8) to do the logging, you'll need - to update your /etc/syslog.conf file. See the example syslog.conf - file included in the distribution for an example. - -Available configure options -=========================== - -This section describes flags accepted by the sudo's `configure' script. -Defaults are listed in brackets after the description. - -Configuration: - --cache-file=FILE - Cache test results in FILE - - --config-cache, -C - Alias for `--cache-file=config.cache' - - --help, -h - Print the usage/help info - - --no-create, -n - Do not create output files - - --quiet, --silent, -q - Do not print `checking...' messages - - --srcdir=DIR - Find the sources in DIR [configure dir or `..'] - -Directory and file names: - --prefix=PREFIX - Install architecture-independent files in PREFIX. [/usr/local] - - --exec-prefix=EPREFIX - Install architecture-dependent files in EPREFIX. - This includes the executables and plugins. [same as PREFIX] - - --bindir=DIR - Install `sudo', `sudoedit' and `sudoreplay' in DIR. [EPREFIX/bin] - - --sbindir=DIR - Install `visudo' in DIR. 
[EPREFIX/sbin] - - --libexecdir=DIR - Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] - - --sysconfdir=DIR - Look for `sudo.conf' and `sudoers' files in DIR. [/etc] - - --includedir=DIR - Install sudo_plugin.h include file in DIR [PREFIX/include] - - --datarootdir=DIR - Root directory for platform-independent data files [PREFIX/share] - - --localedir=DIR - Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale] - - --mandir=DIR - Install man pages in DIR [PREFIX/man] - - --docdir=DIR - Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] - - --with-exampledir=DIR - Install sudo example files in DIR [DATAROOTDIR/doc/sudo/examples] - - --with-plugindir=DIR - The directory that sudo looks in to find the policy and I/O - logging plugins. Defaults to the LIBEXEC/sudo. - - --with-rundir=DIR - The directory to be used for sudo-specific files that do - not survive a system reboot. This is typically where the - time stamp directory is located. By default, configure - will choose from the following list: - /run/sudo /var/run/sudo, /var/db/sudo, /var/lib/sudo, - /var/adm/sudo, /usr/adm/sudo - This directory should be cleared when the system reboots. - On systems that lack /run or /var/run, the default rundir and - vardir may be the same. In this case, only the ts directory - inside the rundir needs to be cleared at boot time. - - --with-vardir=DIR - The directory to be used for sudo-specific files that survive - a system reboot. This is typically where the lecture status - directory is stored. By default, configure will choose - from the following list: - /var/db/sudo, /var/lib/sudo, /var/adm/sudo, /usr/adm/sudo - This directory should *not* be cleared when the system boots. - - --with-relaydir=DIR - The directory to be used for sudo_logsrvd relay temporary files. - When sudo_logsrvd is configured as a store-and-forward relay, - the journaled data is written to this directory before it is - forwarded to a relay server. 
- - --with-tzdir=DIR - The directory to the system's time zone data files. This - is only used when sanitizing the TZ environment variable - to allow for fully-qualified paths in TZ. By default, - configure will look for an existing "zoneinfo" directory - in the following locations: - /usr/share /usr/share/lib /usr/lib /etc - If no zoneinfo directory is found, the TZ variable may not - contain a fully-qualified path. - -Compilation options: - --enable-sanitizer=[flags] - Enable the use of sanitizers such as AddressSanitizer and - UndefinedBehaviorSanitizer if supported by the compiler. - This can help detect common problems such as buffer overflows - and use after free bugs as well as behavior not defined by - the C standard. For more information see: - https://github.com/google/sanitizers/wiki - - If no flags are specified by the user, a default value of - "-fsanitize=address,undefined" will be used. - - This option should only be used for testing and not in a - production environment. Due to some sanitizers' unchecked - use of environment variables, it is trivial to exploit a - setuid root executable such as sudo. - - --enable-fuzzer - Enable building sudo with the LLVM libFuzzer, see - https://www.llvm.org/docs/LibFuzzer.html for details. - The resulting binaries, beginning with "fuzz_" can be used - to test sudo. To run all the fuzzers for 8192 iterations, - "make fuzz" can be used. This option is generally used in - conjunction with --enable-sanitizer. - - Fuzzing currently requires the clang C compiler--it is not - supported by gcc. For best results, it is suggested to use - clang 11 or higher. Some of the fuzzers are known to hang - when used with earlier versions. - - This option should only be used for testing and not in a - production environment. - - --enable-fuzzer-engine=library - The library to use when linking fuzz targets instead of - LLVM's libFuzzer. 
It is intended to be set to the path to - an alternate fuzzing library, such as AFL++ or Honggfuzz. - - --enable-fuzzer-linker=command - An alternate linker command to use when building fuzz - targets, instead of clang. It may be necessary to set this - when using the --enable-fuzzer-engine option to link with - a fuzzer engine that requires C++ libraries. For oss-fuzz, - this option is used to cause fuzz targets to be linked with - clang++. - - --disable-hardening - Disable the use of compiler/linker exploit mitigation options - which are enabled by default. This includes compiling with - _FORTIFY_SOURCE defined to 2, building with -fstack-protector - and linking with -zrelro, where supported. - - --disable-ssp - Disable use of the -fstack-protector compiler option. - This does not affect the other hardening options. - - --disable-leaks - Avoid leaking memory even when we are headed for exit, - which helps reduce the noise from static and active analyzers. - This option should only be used for testing and not in a - production environment. - - --enable-pie - Build sudo and related programs as as a position independent - executables (PIE). This improves the effectiveness of address - space layout randomization (ASLR) on systems that support it. - Sudo will create PIE binaries by default on Linux systems. - - --disable-pie - Disable the creation of position independent executables (PIE), - even if the compiler creates PIE binaries by default. This - option may be needed on some Linux systems where PIE binaries - are not fully supported. - - --disable-poll - Use select() instead of poll() in the event loop. By default, - sudo will use poll() on systems that support it. Some systems - have a broken poll() implementation and need to use select instead. - On Mac OS X, select() is always used since its poll() doesn't - support devices. - - --disable-rpath - By default, configure will use -Rpath in addition to -Lpath - when passing library paths to the loader. 
This option will - disable the use of -Rpath. - - --disable-shared - Disable dynamic shared object support. By default, sudo - is built with a plugin API capable of loading arbitrary - policy and I/O logging plugins. If the --disable-shared - option is specified, this support is disabled and the default - sudoers policy and I/O plugins are embedded in the sudo - binary itself. This will also disable the intercept and noexec - options as they also rely on dynamic shared object support. - - --disable-shared-libutil - Disable the use of the dynamic libsudo_util library. By - default, sudo, the sudoers plugin and the associated sudo - utilities are linked against a shared version of libsudo_util. - If the --disable-shared-libutil option is specified, a - static version of the libsudo_util library will be used - instead. This option may only be used in conjunction with - the --enable-static-sudoers option. - - --enable-static-sudoers - By default, the sudoers plugin is built and installed as a - dynamic shared object. When the --enable-static-sudoers - option is specified, the sudoers plugin is compiled directly - into the sudo binary. Unlike --disable-shared, this does - not prevent other plugins from being used and the intercept - and noexec options will continue to function. - - --enable-tmpfiles.d=DIR - Set the directory to be used when installing the sudo - tmpfiles.d file. This is used to create (or clear) the - sudo time stamp directory on operating systems that use - systemd. If this option is not specified, configure will - use the /usr/lib/tmpfiles.d directory if the file - /usr/lib/tmpfiles.d/systemd.conf exists. - - --enable-zlib[=location] - Enable the use of the zlib compress library when storing - I/O log files. If specified, location is the base directory - containing the zlib include and lib directories. 
The special - values "system", "builtin", "shared" and "static" can be - used to indicate that the system version of zlib should be - used or that the version of zlib shipped with sudo should - be used instead. If "static" is specified, sudo will - statically link the builtin zlib and not install it. If - this option is not specified, configure will use the system - zlib if it is present, falling back on the sudo version. - - --with-incpath=DIR - Adds the specified directory (or directories) to CPPFLAGS - so configure and the compiler will look there for include - files. Multiple directories may be specified as long as - they are space separated. - E.g. --with-incpath="/usr/local/include /opt/include" - - --with-libpath=DIR - Adds the specified directory (or directories) to LDFLAGS - so configure and the compiler will look there for libraries. - Multiple directories may be specified as with --with-incpath. - - --with-libraries=LIBRARY - Adds the specified library (or libraries) to SUDO_LIBS and - and VISUDO_LIBS so sudo will link against them. If the - library doesn't start with `-l' or end in `.a' or `.o' a - `-l' will be pre-pended to it. Multiple libraries may be - specified as long as they are space separated. - - --with-libtool=PATH - By default, sudo will use the included version of libtool - to build shared libraries. The --with-libtool option can - be used to specify a different version of libtool to use. - The special values "system" and "builtin" can be used in - place of a path to denote the default system libtool (obtained - via the user's PATH) and the default libtool that comes - with sudo. - -Optional features: - --disable-root-mailer - By default sudo will run the mailer as root when tattling - on a user so as to prevent that user from killing the mailer. - With this option, sudo will run the mailer as the invoking - user which some people consider to be safer. 
- - --enable-nls[=location] - Enable natural language support using the gettext() family - of functions. If specified, location is the base directory - containing the libintl include and lib directories. If - this option is not specified, configure will look for the - gettext() family of functions in the standard C library - first, then check for a standalone libintl (linking with - libiconv as needed). - - --disable-nls - Disable natural language support. By default, sudo will - use the gettext() family of functions, if available, to - implement messages in the invoking user's native language. - Note that translations do not exist for all languages. - - --with-ldap[=DIR] - Enable LDAP support. If specified, DIR is the base directory - containing the LDAP include and lib directories. Please see - README.LDAP for more information. - - --with-ldap-conf-file=PATH - Path to LDAP configuration file. If specified, sudo reads - this file instead of /etc/ldap.conf to locate the LDAP server. - - --with-ldap-secret-file=PATH - Path to LDAP secret password file. If specified, sudo uses - this file instead of /etc/ldap.secret to read the secret password - when rootbinddn is specified in the ldap config file. - - --disable-sasl - Disable SASL authentication for LDAP. By default, sudo - will compile in support for SASL authentication if the - ldap_sasl_interactive_bind_s() function is present in the - LDAP libraries. - - --with-logincap - This adds support for login classes specified in /etc/login.conf. - It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and - NetBSD (where available). By default, a login class is not applied - unless the 'use_loginclass' option is defined in sudoers or the user - specifies a class on the command line. - - --with-interfaces=no, --without-interfaces - This option keeps sudo from trying to glean the ip address - from each attached network interface. 
It is only useful - on a machine where sudo's interface reading support does - not work, which may be the case on some SysV-based OS's - using STREAMS. - - --enable-intercept[=PATH] - Enable support for the "intercept" functionality which - allows sudo to perform a policy check when a dynamically-linked - program run by sudo attempts to execute another program. - This is also used to support the "log_subcmds" sudoers - setting. For example, this means that for a shell run - through sudo, the individual commands run by the shell are - also subject to rules in the sudoers file. Please see the - "Preventing Shell Escapes" section in the sudoers man page - for details. If specified, PATH should be a fully qualified - path name, e.g. /usr/local/libexec/sudo/sudo_intercept.so. - If PATH is "no", intercept support will not be compiled in. - The default is to compile intercept support if libtool - supports building shared objects on your system. - - --with-noexec[=PATH] - Enable support for the "noexec" functionality which prevents - a dynamically-linked program being run by sudo from executing - another program (think shell escapes). Please see the - "Preventing Shell Escapes" section in the sudoers man page - for details. If specified, PATH should be a fully qualified - path name, e.g. /usr/local/libexec/sudo/sudo_noexec.so. If PATH - is "no", noexec support will not be compiled in. The default - is to compile noexec support if libtool supports building - shared objects on your system. - - --with-selinux - Enable support for role based access control (RBAC) on - systems that support SELinux. - - --with-sssd - Enable support for using the System Security Services Daemon - (SSSD) as a sudoers data source. For more information on - SSD, see http://fedorahosted.org/sssd/ - - --with-sssd-conf=PATH - Specify the path to the SSSD configuration file, if different - from the default value of /etc/sssd/sssd.conf. 
- - --with-sssd-lib=PATH - Specify the path to the SSSD shared library, which is loaded - at run-time. - - --enable-offensive-insults - Enable potentially offensive sudo insults from the classic - version of sudo. - - --enable-pvs-studio - Generate a sample PVS-Studio.cfg file based on the compiler and - platform type. The "pvs-studio" Makefile target can then be - used if PVS-Studio is installed. - - --enable-python - Enable support for sudo plugins written in Python 3. - This requires a Python 3 development environment (including - Python 3 header files). - - --disable-log-server - Disable building the sudo_logsrvd log server. - - --disable-log-client - Disable sudoers support for using the sudo_logsrvd log server. - -Operating system-specific options: - --disable-setreuid - Disable use of the setreuid() function for operating systems - where it is broken. For instance, 4.4BSD has setreuid() that - is not fully functional. - - --disable-setresuid - Disable use of the setresuid() function for operating systems - where it is broken (none currently known). - - --enable-admin-flag[=PATH] - Enable the creation of an Ubuntu-style admin flag file the - first time sudo is run. If PATH is not specified, the - default value is: - ~/.sudo_as_admin_successful - - --enable-devsearch=PATH - Set a system-specific search path of directories to look in - for device nodes. Sudo uses this when mapping the process's - tty device number to a device name. The default value is: - /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev - - --with-bsm-audit - Enable support for sudo BSM audit logs on systems that support it. - This includes recent versions of FreeBSD, Mac OS X and Solaris. - - --with-linux-audit - Enable audit support for Linux systems. Audits attempts - to run a command as well as SELinux role changes. - - --with-man - Use the "man" macros for manual pages. By default, mdoc versions - of the manuals are installed if supported. 
This can be used to - override configure's test for "nroff -mdoc" support. - - --with-mdoc - Use the "mdoc" macros for manual pages. By default, mdoc versions - of the manuals are installed if supported. This can be used to - override configure's test for "nroff -mdoc" support. - - --with-netsvc[=PATH] - Path to netsvc.conf or "no" to disable netsvc.conf support. - If specified, sudo uses this file instead of /etc/netsvc.conf - on AIX systems. If netsvc support is disabled but LDAP is - enabled, sudo will check LDAP first, then the sudoers file. - - --with-nsswitch[=PATH] - Path to nsswitch.conf or "no" to disable nsswitch support. - If specified, sudo uses this file instead of /etc/nsswitch.conf. - If nsswitch support is disabled but LDAP is enabled, sudo will - check LDAP first, then the sudoers file. - - --with-project - Enable support for Solaris project resource limits. - This option is only available on Solaris 9 and above. - -Authentication options: - --with-AFS - Enable AFS support with Kerberos authentication. Should work under - AFS 3.3. If your AFS doesn't have -laudit you should be able to - link without it. - - --with-aixauth - Enable support for the AIX general authentication function. - This will use the authentication scheme specified for the - user on the machine. By default, sudo will use either AIX - authentication or PAM depending on the value of the auth_type - setting in the /etc/security/login.cfg file. - - --with-bsdauth - Enable support for BSD authentication. This is the default - for BSD/OS and OpenBSD systems that support it. - It is not possible to mix BSD authentication with other - authentication methods (and there really should be no need - to do so). Note that only the newer BSD authentication API - is supported. If you don't have /usr/include/bsd_auth.h - then you cannot use this. - - --with-DCE - Enable DCE support for systems without PAM. 
Known to work on - HP-UX 9.X, 10.X, and 11.0; other systems may require source - code and/or `configure' changes. On systems with PAM support - (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the - DCE PAM module (usually libpam_dce) should be used instead. - - --with-fwtk[=DIR] - Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, - DIR is the base directory containing the compiled FWTK package - (or at least the library and header files). - - --with-kerb5[=DIR] - Enable Kerberos V support. If specified, DIR is the base - directory containing the Kerberos V include and lib dirs. - This uses Kerberos pass phrases for authentication but - does not use the Kerberos cookie scheme. Will not work for - Kerberos V older than version 1.1. - - --enable-kerb5-instance=string - By default, the user name is used as the principal name - when authenticating via Kerberos V. If this option is - enabled, the specified instance string will be appended to - the user name (separated by a slash) when creating the - principal name. - - --with-solaris-audit - Enable audit support for Solaris 11 and above. - For older versions of Solaris, use --with-bsm-audit - - --with-opie[=DIR] - Enable NRL OPIE OTP (One Time Password) support. If specified, - DIR should contain include and lib directories with opie.h - and libopie.a respectively. - - --with-otp-only - This option is now just an alias for --without-passwd. - - --with-pam - Enable PAM support. This is on by default for Darwin, FreeBSD, - Linux, Solaris and HP-UX (version 11 and higher). - - NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo - file install. You may either use the example pam.conf file included - with sudo or use /etc/pam.d/su as a reference. The pam.conf file - included with sudo may or may not work with other Linux distributions. - On Solaris and HP-UX 11 systems you should check (and understand) - the contents of /etc/pam.conf. 
Do a "man pam.conf" for more - information and consider using the "debug" option, if available, - with your PAM libraries in /etc/pam.conf to obtain syslog output - for debugging purposes. - - --with-pam-login - Enable a specific PAM session when sudo is given the -i option. - This changes the PAM service name when sudo is run with the -i - option from "sudo" to "sudo-i", allowing for a separate pam - configuration for sudo's initial login mode. - - --disable-pam-session - Disable sudo's PAM session support. This may be needed on - older PAM implementations or on operating systems where - opening a PAM session changes the utmp or wtmp files. If - PAM session support is disabled, resource limits may not - be updated for the command being run. - - --with-passwd=no, --without-passwd - This option excludes authentication via the passwd (or - shadow) file. It should only be used when another, alternative, - authentication scheme is in use. - - --with-SecurID[=DIR] - Enable SecurID support. If specified, DIR is directory containing - libaceclnt.a, acexport.h, and sdacmvls.h. - - --with-skey[=DIR] - Enable S/Key OTP (One Time Password) support. If specified, - DIR should contain include and lib directories with skey.h - and libskey.a respectively. - - --disable-sia - Disable SIA support. This is the "Security Integration - Architecture" on Digital UNIX. If you disable SIA sudo will - use its own authentication routines. - - --disable-shadow - Disable shadow password support. Normally, sudo will compile - in shadow password support and use a shadow password if it - exists. - - --enable-gss-krb5-ccache-name - Use the gss_krb5_ccache_name() function to set the Kerberos - V credential cache file name. By default, sudo will use - the KRB5CCNAME environment variable to set this. While - gss_krb5_ccache_name() provides a better API to do this it - is not supported by all Kerberos V and SASL combinations. 
- - --enable-gcrypt[=DIR] - Use GNU crypt's SHA-2 message digest functions instead of - OpenSSL or the ones bundled with sudo (or in the system's - C library). If specified, DIR should contain the GNU crypt - include and lib directories. This option only has an effect - when OpenSSL 1.0.1 or higher is not present on the system - or the --disable-openssl option is also specified. - - --enable-openssl[=DIR] - Use OpenSSL's TLS and SHA-2 message digest functions. If - it is detected, OpenSSL will be used by default unless the - sudo log client and server are disabled via the - --disable-log-client and --disable-log-server options. To - explicitly disable the use of OpenSSL, the --disable-openssl - option can be used. OpenSSL versions prior to 1.0.1 will - not be used as they do not support TLS 1.2. If specified, - DIR should contain the OpenSSL include and lib directories. - - --enable-openssl-pkgconfig-template=template - A printf-style template used to construct the name of the - openssl and libcrypto pkg-config files. For example, a - template of "e%s30" would cause "eopenssl30" and "libecrypto30" - to be used instead. This makes it possible to link with - the OpenSSL 3.0 package on OpenBSD. Defaults to "%s". - - --enable-wolfssl[=DIR] - Use wolfSSL's TLS and SHA-2 message digest functions. If - specified, DIR should contain the OpenSSL include and lib - directories. - -Development options: - --enable-env-debug - Enable debugging of the environment setting functions. This - enables extra checks to make sure the environment does not - become corrupted. - - --enable-warnings - Enable compiler warnings when building sudo with gcc or clang. - - --enable-werror - Enable the -Werror compiler option when building sudo with - gcc or clang. - - --with-devel - Configure development options. This will enable compiler warnings - and set up the Makefile to be able to regenerate the sudoers parser - as well as the manual pages. 
- -Options that set runtime-changeable default values: - --disable-authentication - By default, sudo requires the user to authenticate via a - password or similar means. This options causes sudo to - *not* require authentication. It is possible to turn - authentication back on in sudoers via the PASSWD attribute. - Sudoers option: !authenticate - - --disable-env-reset - Disable environment resetting. This sets the default value - of the "env_reset" Defaults option in sudoers to false. - Sudoers option: !env_reset - - --disable-path-info - Normally, sudo will tell the user when a command could not be found - in their $PATH. Some sites may wish to disable this as it could - be used to gather information on the location of executables that - the normal user does not have access to. The disadvantage is that - if the executable is simply not in the user's path, sudo will tell - the user that they are not allowed to run it, which can be confusing. - Sudoers option: path_info - - --disable-root-sudo - Don't let root run sudo. This can be used to prevent people from - "chaining" sudo commands to get a root shell by doing something - like "sudo sudo /bin/sh". - Sudoers option: !root_sudo - - --disable-zlib - Disable the use of the zlib compress library when storing - I/O log files. - Sudoers option: !compress_io - - --enable-log-host - Log the hostname in the log file. - Sudoers option: log_host - - --enable-noargs-shell - If sudo is invoked with no arguments it acts as if the "-s" flag had - been given. That is, it runs a shell as root (the shell is determined - by the SHELL environment variable, falling back on the shell listed - in the invoking user's /etc/passwd entry). - Sudoers option: shell_noargs - - --enable-shell-sets-home - If sudo is invoked with the "-s" flag the HOME environment variable - will be set to the home directory of the target user (which is root - unless the "-u" option is used). This option effectively makes the - "-s" flag imply "-H". 
- Sudoers option: set_home - - --enable-timestamp-type=TYPE - Set the default time stamp record type. The TYPE may be "global" - (a single record per user), "ppid" (a single record for process - with the same parent process), or "tty" (a separate record for - each login session). The default is "tty". - Sudoers option: timestamp_type - - --with-all-insults - Include all the insult sets listed below. You must either specify - --with-insults or enable insults in the sudoers file for this to - have any effect. - - --with-askpass=PATH - Set PATH as the "askpass" program to use when no tty is - available. Typically, this is a graphical password prompter, - similar to the one used by ssh. The program must take a - prompt as an argument and print the received password to - the standard output. This value may overridden at run-time - in the sudo.conf file. - - --with-badpass-message="BAD PASSWORD MESSAGE" - Message that is displayed if a user enters an incorrect password. - The default is "Sorry, try again." unless insults are turned on. - Sudoers option: badpass_message - - --with-badpri=PRIORITY - Determines which syslog priority to log unauthenticated - commands and errors. The following priorities are supported: - alert, crit, debug, emerg, err, info, notice, and warning. - Sudoers option: syslog_badpri - - --with-classic-insults - Uses insults from sudo "classic." If you just specify --with-insults - you will get the classic and CSOps insults. This is on by default if - --with-insults is given. - - --with-csops-insults - Insults the user with an extra set of insults (some quotes, some - original) from a sysadmin group at CU (CSOps). You must specify - --with-insults as well for this to have any effect. This is on by - default if --with-insults is given. - - --with-editor=PATH - Specify the default editor path for use by visudo. This may be a - single path name or a colon-separated list of editors. 
In the latter - case, visudo will choose the editor that matches the user's SUDO_EDITOR, - VISUAL or EDITOR environment variable, or the first editor in the list - that exists. The default is the path to vi on your system. - Sudoers option: editor - - --with-env-editor=no, --without-env-editor - By default, visudo will consult the SUDO_EDITOR, VISUAL and EDITOR - environment variables before falling back on the default editor list - (as specified by --with-editor). visudo is typically run as root so - this option may allow a user with visudo privileges to run arbitrary - commands as root without logging. Some sites may with to disable this - and use a colon-separated list of "safe" editors with the --with-editor - option. visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR - variables if they match a value specified via --with-editor. - Sudoers option: env_editor - - --with-exempt=GROUP - Users in the specified group don't need to enter a password when - running sudo. This may be useful for sites that don't want their - "core" sysadmins to have to enter a password but where Jr. sysadmins - need to. You should probably use NOPASSWD in sudoers instead. - Sudoers option: exempt_group - - --with-fqdn - Define this if you want to put fully qualified host names in the sudoers - file. Ie: instead of myhost you would use myhost.mydomain.edu. You may - still use the short form if you wish (and even mix the two). Beware - that turning FQDN on requires sudo to make DNS lookups which may make - sudo unusable if your DNS is totally hosed. Also note that you must - use the host's official name as DNS knows it. That is, you may not use - a host alias (CNAME entry) due to performance issues and the fact that - there is no way to get all aliases from DNS. - Sudoers option: fqdn - - --with-goodpri=PRIORITY - Determines which syslog priority to log successfully - authenticated commands. 
The following priorities are - supported: alert, crit, debug, emerg, err, info, notice, - and warning. - Sudoers option: syslog_goodpri - - --with-python-insults - Insults the user with lines from "Monty Python's Flying Circus" when an - incorrect password is entered. You must either specify --with-insults or - enable insults in the sudoers file for this to have any effect. - - --with-goons-insults - Insults the user with lines from the "Goon Show" when an incorrect - password is entered. You must either specify --with-insults or - enable insults in the sudoers file for this to have any effect. - - --with-hal-insults - Uses 2001-like insults when an incorrect password is entered. - You must either specify --with-insults or enable insults in the - sudoers file for this to have any effect. - - --with-ignore-dot - If set, sudo will ignore '.' or '' (current dir) in $PATH. - The $PATH itself is not modified. - Sudoers option: ignore_dot - - --with-insults - Define this if you want to be insulted for typing an incorrect password - just like the original sudo(8). This is off by default. - Sudoers option: insults - - --with-insults=disabled - Include support for insults but disable them unless explicitly - enabled in sudoers. - Sudoers option: !insults - - --with-iologdir[=DIR] - By default, sudo stores I/O log files in either /var/log/sudo-io, - /var/adm/sudo-io, or /usr/log/sudo-io. If this option is - specified, I/O logs will be stored in the indicated directory - instead. - Sudoers option: iolog_dir - - --with-lecture=no, --without-lecture - Don't print the lecture the first time a user runs sudo. - Sudoers option: !lecture - - --with-logfac=FACILITY - Determines which syslog facility to log to. This requires - a 4.3BSD or later version of syslog. You can still set - this for ancient syslogs but it will have no effect. 
The - following facilities are supported: authpriv (if your OS - supports it), auth, daemon, user, local0, local1, local2, - local3, local4, local5, local6, and local7. - Sudoers option: syslog - - --with-logging=TYPE - How you want to do your logging. You may choose "syslog", - "file", or "both". Setting this to "syslog" is nice because - you can keep all of your sudo logs in one place (see the - example syslog.conf file). The default is "syslog". - Sudoers options: syslog and logfile - - --with-loglen=NUMBER - Number of characters per line for the file log. This is only used if - you are to "file" or "both". This value is used to decide when to wrap - lines for nicer log files. The default is 80. Setting this to 0 - will disable the wrapping. - Sudoers options: loglinelen - - --with-logpath=PATH - Override the default location of the sudo log file and use - "path" instead. By default will use /var/log/sudo.log if - there is a /var/log dir, falling back to /var/adm/sudo.log - or /usr/adm/sudo.log if not. - Sudoers option: logfile - - --with-long-otp-prompt - When validating with a One Time Password scheme (S/Key or - OPIE), a two-line prompt is used to make it easier to cut - and paste the challenge to a local window. It's not as - pretty as the default but some people find it more convenient. - Sudoers option: long_otp_prompt - - --with-mail-if-no-user=no, --without-mail-if-no-user - Normally, sudo will mail to the "alertmail" user if the user invoking - sudo is not in the sudoers file. This option disables that behavior. - Sudoers option: mail_no_user - - --with-mail-if-no-host - Send mail to the "alermail" user if the user exists in the sudoers - file, but is not allowed to run commands on the current host. - Sudoers option: mail_no_host - - --with-mail-if-noperms - Send mail to the "alermail" user if the user is allowed to use sudo but - the command they are trying is not listed in their sudoers file entry. 
- Sudoers option: mail_no_perms - - --with-mailsubject="SUBJECT OF MAIL" - Subject of the mail sent to the "mailto" user. The token "%h" - will expand to the hostname of the machine. - Default is "*** SECURITY information for %h ***". - Sudoers option: mailsub - - --with-mailto=USER|MAIL_ALIAS - User (or mail alias) that mail from sudo is sent to. - This should go to a sysadmin at your site. The default is "root". - Sudoers option: mailto - - --with-passprompt="PASSWORD PROMPT" - Default prompt to use when asking for a password; can be overridden - via the -p option and the SUDO_PROMPT environment variable. Supports - the "%H", "%h", "%U" and "%u" escapes as documented in the sudo - manual page. The default value is "Password:". - Sudoers option: passprompt - - --with-password-timeout=NUMBER - Number of minutes before the sudo password prompt times out. - The default is 5, set this to 0 for no password timeout. - Sudoers option: passwd_timeout - - --with-passwd-tries=NUMBER - Number of tries a user gets to enter his/her password before sudo logs - the failure and exits. The default is 3. - Sudoers option: passwd_tries - - --with-runas-default=USER - The default user to run commands as if the -u flag is not specified - on the command line. This defaults to "root". - Sudoers option: runas_default - - --with-secure-path[=PATH] - Path used for every command run from sudo(8). If you don't trust - users to have a reasonable PATH environment variable you may want - to use this. Another use is if you want to have the "root path" - be separate from the "user path." You will need to customize the - path for your site. NOTE: this is not applied to users in the group - specified by --with-exemptgroup. If you do not specify a path, - "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. - Sudoers option: secure_path - - --with-sendmail=PATH - Override configure's guess as to the location of sendmail. 
- Sudoers option: mailerpath - - --with-sendmail=no, --without-sendmail - Do not use sendmail to mail messages to the "mailto" user. - Use only if you don't run sendmail or the equivalent. - Sudoers options: !mailerpath or !mailto - - --with-sudoers-mode=MODE - File mode for the sudoers file (octal). Note that if you - wish to NFS-mount the sudoers file this must be group - readable. This value may overridden at run-time in the - sudo.conf file. The default mode is 0440. - - --with-sudoers-uid=UID - User id that "owns" the sudoers file. Note that this is - the numeric id, *not* the symbolic name. This value may - overridden at run-time in the sudo.conf file. The default - is 0. - - --with-sudoers-gid=GID - Group id that "owns" the sudoers file. Note that this is - the numeric id, *not* the symbolic name. This value may - overridden at run-time in the sudo.conf file. The default - is 0. - - --with-timeout=NUMBER - Number of minutes that can elapse before sudo will ask for a passwd - again. The default is 5, set this to 0 to always prompt for a password. - Sudoers option: timestamp_timeout - - --with-umask=MASK - Umask to use when running the root command. The default is 0022. - Sudoers option: umask - - --with-umask=no, --without-umask - Preserves the umask of the user invoking sudo. - Sudoers option: !umask - - --with-umask-override - Use the umask specified in sudoers even if it is less restrictive - than the user's. The default is to use the intersection of the - user's umask and the umask specified in sudoers. - Sudoers option: umask_override - -OS dependent notes -================== - -HP-UX: - The default C compiler shipped with HP-UX is not an ANSI compiler. - You must use either the HP ANSI C compiler or gcc to build sudo. - Binary packages of gcc are available from http://hpux.connect.org.uk/. 
- - To prevent PAM from overriding the value of umask on HP-UX 11, - you will need to add a line like the following to /etc/pam.conf: - - sudo session required libpam_hpsec.so.1 bypass_umask - -Linux: - PAM and LDAP headers are not installed by default on most Linux - systems. You will need to install the "pam-dev" (rpm) or - libpam0g-dev (deb) package if /usr/include/security/pam_appl.h - is not present on your system. If you wish to build with LDAP - support you will also need the "openldap-devel" (rpm) or - "libldap2-dev" (deb) package. - -Mac OS X: - The pseudo-tty support in the Mac OS X kernel has bugs related - to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. - It does not restart reads and writes when those signals are - delivered. This may cause problems for some commands when I/O - logging is enabled. The issue has been reported to Apple and - is bug id #7952709. - -Solaris: - You need to have a C compiler in order to build sudo. Since - Solaris does not come with one by default this means that you - either need to either install the Solaris Studio compiler suite, - available for free from www.oracle.com, or install the GNU C - compiler (gcc) which is can be installed via the pkg utility - on Solaris 11 and higher and is distributed on the Solaris - Companion CD for older Solaris releases. You can also download - gcc packages from http://www.opencsw.org/packages/CSWgcc4core/ diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 000000000..1c570b84a --- /dev/null +++ b/INSTALL.md 
@@ -0,0 +1,1025 @@ +Sudo installation instructions +============================== + +Sudo uses a `configure` script to probe the capabilities and type of the +system in question. Sudo's `configure` script has a large numberof options +that control its behavior and enable or disable optional functionality. +Please read this document fully before configuring and building sudo. +You may also wish to read the file INSTALL.configure which explains more +about the `configure` script itself. + +## System requirements + +To build sudo from the source distribution you need a POSIX-compliant +operating system (any modern version of BSD, Linux or Unix should work), +an ANSI/ISO C compiler that supports the "long long" type, variadic +macros (a C99 feature) as well as the ar, make and ranlib utilities. + +If you wish to modify the parser then you will need flex version +2.5.2 or later and either bison or byacc (sudo comes with a +pre-generated parser). You'll also have to run configure with the +--with-devel option or pass DEVEL=1 to make. You can get flex from +http://flex.sourceforge.net/. You can get GNU bison from +ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. + +## Simple sudo installation + +0. If you are upgrading from a previous version of sudo please read + the info in [docs/UPGRADE.md](docs/UPGRADE.md) before proceeding. + +1. Read the "OS dependent notes" section for any particular + "gotchas" relating to your operating system. + +2. `cd` to the source or build directory and type `./configure` + to generate a Makefile and config.h file suitable for building + sudo. Before you actually run configure you should read the + "Available configure options" section to see if there are + any special options you may want or need. + +4. Type `make` to compile sudo. If `configure` did its job properly (and + you have a supported configuration) there won't be any problems. 
If you + have a problem, check [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) + for tips on what might have gone wrong. Please mail us if you have a + fix or if you are unable to come up with a fix (address at EOF). + +5. Type `make install` (as root) to install sudo, visudo, the + man pages, and a skeleton sudoers file. Note that the install + will not overwrite an existing sudoers file. You can also + install various pieces the package via the install-binaries, + install-doc, and install-sudoers make targets. + +6. Edit the sudoers file with `visudo` as necessary for your + site. You will probably want to refer the example sudoers + file and sudoers man page included with the sudo package. + +7. If you want to use syslogd(8) to do the logging, you'll need to + update your `/etc/syslog.conf` file. See the examples/syslog.conf + file included in the distribution for an example. + +## Available configure options + +This section describes flags accepted by the sudo's `configure` script. +Defaults are listed in brackets after the description. + +### Configuration: + + --cache-file=FILE + Cache test results in FILE + + --config-cache, -C + Alias for --cache-file=config.cache + + --help, -h + Print the usage/help info + + --no-create, -n + Do not create output files + + --quiet, --silent, -q + Do not print "checking..." messages + + --srcdir=DIR + Find the sources in DIR [configure dir or ".."] + +### Directory and file names: + + --prefix=PREFIX + Install architecture-independent files in PREFIX. [/usr/local] + + --exec-prefix=EPREFIX + Install architecture-dependent files in EPREFIX. + This includes the executables and plugins. [same as PREFIX] + + --bindir=DIR + Install cvtsudoers, sudo, sudoedit and sudoreplay in DIR. [EPREFIX/bin] + + --sbindir=DIR + Install sudo_logsrvd, sudo_sendlog and visudo in DIR. 
[EPREFIX/sbin] + + --libexecdir=DIR + Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] + + --sysconfdir=DIR + Look for `sudo.conf` and `sudoers` files in DIR. [/etc] + + --includedir=DIR + Install sudo_plugin.h include file in DIR [PREFIX/include] + + --datarootdir=DIR + Root directory for platform-independent data files [PREFIX/share] + + --localedir=DIR + Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale] + + --mandir=DIR + Install man pages in DIR [PREFIX/man] + + --docdir=DIR + Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] + + --with-exampledir=DIR + Install sudo example files in DIR [DATAROOTDIR/doc/sudo/examples] + + --with-plugindir=DIR + The directory that sudo looks in to find the policy and I/O + logging plugins. Defaults to the LIBEXEC/sudo. + + --with-rundir=DIR + The directory to be used for sudo-specific files that do + not survive a system reboot. This is typically where the + time stamp directory is located. By default, configure + will choose from the following list: + /run/sudo /var/run/sudo, /var/db/sudo, /var/lib/sudo, + /var/adm/sudo, /usr/adm/sudo + This directory should be cleared when the system reboots. + On systems that lack /run or /var/run, the default rundir and + vardir may be the same. In this case, only the ts directory + inside the rundir needs to be cleared at boot time. + + --with-vardir=DIR + The directory to be used for sudo-specific files that survive + a system reboot. This is typically where the lecture status + directory is stored. By default, configure will choose + from the following list: + /var/db/sudo, /var/lib/sudo, /var/adm/sudo, /usr/adm/sudo + This directory should **not** be cleared when the system boots. + + --with-relaydir=DIR + The directory to be used for sudo_logsrvd relay temporary files. + When sudo_logsrvd is configured as a store-and-forward relay, + the journaled data is written to this directory before it is + forwarded to a relay server. 
+ + --with-tzdir=DIR + The directory to the system's time zone data files. This + is only used when sanitizing the TZ environment variable + to allow for fully-qualified paths in TZ. By default, + configure will look for an existing "zoneinfo" directory + in the following locations: + /usr/share /usr/share/lib /usr/lib /etc + If no zoneinfo directory is found, the TZ variable may not + contain a fully-qualified path. + +### Compilation options: + + --enable-sanitizer=[flags] + Enable the use of sanitizers such as AddressSanitizer and + UndefinedBehaviorSanitizer if supported by the compiler. + This can help detect common problems such as buffer overflows + and use after free bugs as well as behavior not defined by + the C standard. For more information see: + https://github.com/google/sanitizers/wiki + + If no flags are specified by the user, a default value of + "-fsanitize=address,undefined" will be used. + + This option should only be used for testing and not in a + production environment. Due to some sanitizers' unchecked + use of environment variables, it is trivial to exploit a + setuid root executable such as sudo. + + --enable-fuzzer + Enable building sudo with the LLVM libFuzzer, see + https://www.llvm.org/docs/LibFuzzer.html for details. + The resulting binaries, beginning with "fuzz_" can be used + to test sudo. To run all the fuzzers for 8192 iterations, + "make fuzz" can be used. This option is generally used in + conjunction with --enable-sanitizer. + + Fuzzing currently requires the clang C compiler--it is not + supported by gcc. For best results, it is suggested to use + clang 11 or higher. Some of the fuzzers are known to hang + when used with earlier versions. + + This option should only be used for testing and not in a + production environment. + + --enable-fuzzer-engine=library + The library to use when linking fuzz targets instead of + LLVM's libFuzzer. 
It is intended to be set to the path to + an alternate fuzzing library, such as AFL++ or Honggfuzz. + + --enable-fuzzer-linker=command + An alternate linker command to use when building fuzz + targets, instead of clang. It may be necessary to set this + when using the --enable-fuzzer-engine option to link with + a fuzzer engine that requires C++ libraries. For oss-fuzz, + this option is used to cause fuzz targets to be linked with + clang++. + + --disable-hardening + Disable the use of compiler/linker exploit mitigation options + which are enabled by default. This includes compiling with + _FORTIFY_SOURCE defined to 2, building with -fstack-protector + and linking with -zrelro, where supported. + + --disable-ssp + Disable use of the -fstack-protector compiler option. + This does not affect the other hardening options. + + --disable-leaks + Avoid leaking memory even when we are headed for exit, + which helps reduce the noise from static and active analyzers. + This option should only be used for testing and not in a + production environment. + + --enable-pie + Build sudo and related programs as as a position independent + executables (PIE). This improves the effectiveness of address + space layout randomization (ASLR) on systems that support it. + Sudo will create PIE binaries by default on Linux systems. + + --disable-pie + Disable the creation of position independent executables (PIE), + even if the compiler creates PIE binaries by default. This + option may be needed on some Linux systems where PIE binaries + are not fully supported. + + --disable-poll + Use select() instead of poll() in the event loop. By default, + sudo will use poll() on systems that support it. Some systems + have a broken poll() implementation and need to use select instead. + On Mac OS X, select() is always used since its poll() doesn't + support devices. + + --disable-rpath + By default, configure will use -Rpath in addition to -Lpath + when passing library paths to the loader. 
This option will + disable the use of -Rpath. + + --disable-shared + Disable dynamic shared object support. By default, sudo + is built with a plugin API capable of loading arbitrary + policy and I/O logging plugins. If the --disable-shared + option is specified, this support is disabled and the default + sudoers policy and I/O plugins are embedded in the sudo + binary itself. This will also disable the intercept and noexec + options as they also rely on dynamic shared object support. + + --disable-shared-libutil + Disable the use of the dynamic libsudo_util library. By + default, sudo, the sudoers plugin and the associated sudo + utilities are linked against a shared version of libsudo_util. + If the --disable-shared-libutil option is specified, a + static version of the libsudo_util library will be used + instead. This option may only be used in conjunction with + the --enable-static-sudoers option. + + --enable-static-sudoers + By default, the sudoers plugin is built and installed as a + dynamic shared object. When the --enable-static-sudoers + option is specified, the sudoers plugin is compiled directly + into the sudo binary. Unlike --disable-shared, this does + not prevent other plugins from being used and the intercept + and noexec options will continue to function. + + --enable-tmpfiles.d=DIR + Set the directory to be used when installing the sudo + tmpfiles.d file. This is used to create (or clear) the + sudo time stamp directory on operating systems that use + systemd. If this option is not specified, configure will + use the /usr/lib/tmpfiles.d directory if the file + /usr/lib/tmpfiles.d/systemd.conf exists. + + --enable-zlib[=location] + Enable the use of the zlib compress library when storing + I/O log files. If specified, location is the base directory + containing the zlib include and lib directories. 
The special + values "system", "builtin", "shared" and "static" can be + used to indicate that the system version of zlib should be + used or that the version of zlib shipped with sudo should + be used instead. If "static" is specified, sudo will + statically link the builtin zlib and not install it. If + this option is not specified, configure will use the system + zlib if it is present, falling back on the sudo version. + + --with-incpath=DIR + Adds the specified directory (or directories) to CPPFLAGS + so configure and the compiler will look there for include + files. Multiple directories may be specified as long as + they are space separated. + E.g. --with-incpath="/usr/local/include /opt/include" + + --with-libpath=DIR + Adds the specified directory (or directories) to LDFLAGS + so configure and the compiler will look there for libraries. + Multiple directories may be specified as with --with-incpath. + + --with-libraries=LIBRARY + Adds the specified library (or libraries) to SUDO_LIBS and + and VISUDO_LIBS so sudo will link against them. If the + library doesn't start with "-l" or end in ".a" or ".o" a + "-l" will be pre-pended to it. Multiple libraries may be + specified as long as they are space separated. + + --with-libtool=PATH + By default, sudo will use the included version of libtool + to build shared libraries. The --with-libtool option can + be used to specify a different version of libtool to use. + The special values "system" and "builtin" can be used in + place of a path to denote the default system libtool (obtained + via the user's PATH) and the default libtool that comes + with sudo. + +### Optional features: + + --disable-root-mailer + By default sudo will run the mailer as root when tattling + on a user so as to prevent that user from killing the mailer. + With this option, sudo will run the mailer as the invoking + user which some people consider to be safer. 
+ + --enable-nls[=location] + Enable natural language support using the gettext() family + of functions. If specified, location is the base directory + containing the libintl include and lib directories. If + this option is not specified, configure will look for the + gettext() family of functions in the standard C library + first, then check for a standalone libintl (linking with + libiconv as needed). + + --disable-nls + Disable natural language support. By default, sudo will + use the gettext() family of functions, if available, to + implement messages in the invoking user's native language. + Note that translations do not exist for all languages. + + --with-ldap[=DIR] + Enable LDAP support. If specified, DIR is the base directory + containing the LDAP include and lib directories. Please see + [README.LDAP.md](README.LDAP.md) for more information. + + --with-ldap-conf-file=PATH + Path to LDAP configuration file. If specified, sudo reads + this file instead of `/etc/ldap.conf` to locate the LDAP server. + + --with-ldap-secret-file=PATH + Path to LDAP secret password file. If specified, sudo uses + this file instead of `/etc/ldap.secret` to read the secret password + when rootbinddn is specified in the ldap config file. + + --disable-sasl + Disable SASL authentication for LDAP. By default, sudo + will compile in support for SASL authentication if the + ldap_sasl_interactive_bind_s() function is present in the + LDAP libraries. + + --with-logincap + This adds support for login classes specified in `/etc/login.conf`. + It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and + NetBSD (where available). By default, a login class is not applied + unless the "use_loginclass" option is defined in sudoers or the user + specifies a class on the command line. + + --with-interfaces=no, --without-interfaces + This option keeps sudo from trying to glean the ip address + from each attached network interface. 
It is only useful + on a machine where sudo's interface reading support does + not work, which may be the case on some SysV-based OS's + using STREAMS. + + --enable-intercept[=PATH] + Enable support for the "intercept" functionality which + allows sudo to perform a policy check when a dynamically-linked + program run by sudo attempts to execute another program. + This is also used to support the "log_subcmds" sudoers + setting. For example, this means that for a shell run + through sudo, the individual commands run by the shell are + also subject to rules in the sudoers file. Please see the + "Preventing Shell Escapes" section in the sudoers man page + for details. If specified, PATH should be a fully qualified + path name, e.g. /usr/local/libexec/sudo/sudo_intercept.so. + If PATH is "no", intercept support will not be compiled in. + The default is to compile intercept support if libtool + supports building shared objects on your system. + + --with-noexec[=PATH] + Enable support for the "noexec" functionality which prevents + a dynamically-linked program being run by sudo from executing + another program (think shell escapes). Please see the + "Preventing Shell Escapes" section in the sudoers man page + for details. If specified, PATH should be a fully qualified + path name, e.g. /usr/local/libexec/sudo/sudo_noexec.so. If PATH + is "no", noexec support will not be compiled in. The default + is to compile noexec support if libtool supports building + shared objects on your system. + + --with-selinux + Enable support for role based access control (RBAC) on systems + that support SELinux. + + --with-sssd + Enable support for using the System Security Services Daemon + (SSSD) as a sudoers data source. For more information on + SSD, see http://fedorahosted.org/sssd/ + + --with-sssd-conf=PATH + Specify the path to the SSSD configuration file, if different + from the default value of `/etc/sssd/sssd.conf`. 
+ + --with-sssd-lib=PATH + Specify the path to the SSSD shared library, which is loaded + at run-time. + + --enable-offensive-insults + Enable potentially offensive sudo insults from the classic + version of sudo. + + --enable-pvs-studio + Generate a sample PVS-Studio.cfg file based on the compiler and + platform type. The "pvs-studio" Makefile target can then be + used if PVS-Studio is installed. + + --enable-python + Enable support for sudo plugins written in Python 3. + This requires a Python 3 development environment (including + Python 3 header files). + + --disable-log-server + Disable building the sudo_logsrvd log server. + + --disable-log-client + Disable sudoers support for using the sudo_logsrvd log server. + +### Operating system-specific options: + + --disable-setreuid + Disable use of the setreuid() function for operating systems + where it is broken. For instance, 4.4BSD has setreuid() that + is not fully functional. + + --disable-setresuid + Disable use of the setresuid() function for operating systems + where it is broken (none currently known). + + --enable-admin-flag[=PATH] + Enable the creation of an Ubuntu-style admin flag file the + first time sudo is run. If PATH is not specified, the + default value is: + ~/.sudo_as_admin_successful + + --enable-devsearch=PATH + Set a system-specific search path of directories to look in + for device nodes. Sudo uses this when mapping the process's + tty device number to a device name. The default value is: + /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + + --with-bsm-audit + Enable support for sudo BSM audit logs on systems that support it. + This includes recent versions of FreeBSD, Mac OS X and Solaris. + + --with-linux-audit + Enable audit support for Linux systems. Audits attempts + to run a command as well as SELinux role changes. + + --with-man + Use the "man" macros for manual pages. By default, mdoc versions + of the manuals are installed if supported. 
This can be used to + override configure's test for "nroff -mdoc" support. + + --with-mdoc + Use the "mdoc" macros for manual pages. By default, mdoc versions + of the manuals are installed if supported. This can be used to + override configure's test for "nroff -mdoc" support. + + --with-netsvc[=PATH] + Path to netsvc.conf or "no" to disable netsvc.conf support. + If specified, sudo uses this file instead of /etc/netsvc.conf + on AIX systems. If netsvc support is disabled but LDAP is + enabled, sudo will check LDAP first, then the sudoers file. + + --with-nsswitch[=PATH] + Path to nsswitch.conf or "no" to disable nsswitch support. + If specified, sudo uses this file instead of /etc/nsswitch.conf. + If nsswitch support is disabled but LDAP is enabled, sudo will + check LDAP first, then the sudoers file. + + --with-project + Enable support for Solaris project resource limits. + This option is only available on Solaris 9 and above. + +### Authentication options: + + --with-AFS + Enable AFS support with Kerberos authentication. Should work under + AFS 3.3. If your AFS doesn't have -laudit you should be able to + link without it. + + --with-aixauth + Enable support for the AIX general authentication function. + This will use the authentication scheme specified for the + user on the machine. By default, sudo will use either AIX + authentication or PAM depending on the value of the auth_type + setting in the `/etc/security/login.cfg` file. + + --with-bsdauth + Enable support for BSD authentication. This is the default + for BSD/OS and OpenBSD systems that support it. + It is not possible to mix BSD authentication with other + authentication methods (and there really should be no need + to do so). Note that only the newer BSD authentication API + is supported. If you don't have /usr/include/bsd_auth.h + then you cannot use this. + + --with-DCE + Enable DCE support for systems without PAM. 
Known to work on + HP-UX 9.X, 10.X, and 11.0; other systems may require source + code and/or `configure` changes. On systems with PAM support + (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the + DCE PAM module (usually libpam_dce) should be used instead. + + --with-fwtk[=DIR] + Enable TIS Firewall Toolkit (FWTK) "authsrv" support. If specified, + DIR is the base directory containing the compiled FWTK package + (or at least the library and header files). + + --with-kerb5[=DIR] + Enable Kerberos V support. If specified, DIR is the base + directory containing the Kerberos V include and lib dirs. + This uses Kerberos pass phrases for authentication but + does not use the Kerberos cookie scheme. Will not work for + Kerberos V older than version 1.1. + + --enable-kerb5-instance=string + By default, the user name is used as the principal name + when authenticating via Kerberos V. If this option is + enabled, the specified instance string will be appended to + the user name (separated by a slash) when creating the + principal name. + + --with-solaris-audit + Enable audit support for Solaris 11 and above. + For older versions of Solaris, use --with-bsm-audit + + --with-opie[=DIR] + Enable NRL OPIE OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with opie.h + and libopie.a respectively. + + --with-otp-only + This option is now just an alias for --without-passwd. + + --with-pam + Enable PAM support. This is on by default for Darwin, FreeBSD, + Linux, Solaris and HP-UX (version 11 and higher). + + NOTE: on RedHat Linux and Fedora you **must** have an `/etc/pam.d/sudo` + file installed. You may either use the example pam.conf file included + with sudo or use `/etc/pam.d/su` as a reference. The pam.conf file + included with sudo may or may not work with other Linux distributions. + On Solaris and HP-UX 11 systems you should check (and understand) + the contents of `/etc/pam.conf`. 
Do a `man pam.conf` for more + information and consider using the "debug" option, if available, + with your PAM libraries in `/etc/pam.conf` to obtain syslog output + for debugging purposes. + + --with-pam-login + Enable a specific PAM session when sudo is given the -i option. + This changes the PAM service name when sudo is run with the -i + option from "sudo" to "sudo-i", allowing for a separate pam + configuration for sudo's initial login mode. + + --disable-pam-session + Disable sudo's PAM session support. This may be needed on + older PAM implementations or on operating systems where + opening a PAM session changes the utmp or wtmp files. If + PAM session support is disabled, resource limits may not + be updated for the command being run. + + --with-passwd=no, --without-passwd + This option excludes authentication via the passwd (or + shadow) file. It should only be used when another, alternative, + authentication scheme is in use. + + --with-SecurID[=DIR] + Enable SecurID support. If specified, DIR is directory containing + libaceclnt.a, acexport.h, and sdacmvls.h. + + --with-skey[=DIR] + Enable S/Key OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with skey.h + and libskey.a respectively. + + --disable-sia + Disable SIA support. This is the "Security Integration + Architecture" on Digital UNIX. If you disable SIA sudo will + use its own authentication routines. + + --disable-shadow + Disable shadow password support. Normally, sudo will compile + in shadow password support and use a shadow password if it + exists. + + --enable-gss-krb5-ccache-name + Use the gss_krb5_ccache_name() function to set the Kerberos + V credential cache file name. By default, sudo will use + the KRB5CCNAME environment variable to set this. While + gss_krb5_ccache_name() provides a better API to do this it + is not supported by all Kerberos V and SASL combinations. 
+ + --enable-gcrypt[=DIR] + Use GNU crypt's SHA-2 message digest functions instead of + OpenSSL or the ones bundled with sudo (or in the system's + C library). If specified, DIR should contain the GNU crypt + include and lib directories. This option only has an effect + when OpenSSL 1.0.1 or higher is not present on the system + or the --disable-openssl option is also specified. + + --enable-openssl[=DIR] + Use OpenSSL's TLS and SHA-2 message digest functions. If + it is detected, OpenSSL will be used by default unless the + sudo log client and server are disabled via the + --disable-log-client and --disable-log-server options. To + explicitly disable the use of OpenSSL, the --disable-openssl + option can be used. OpenSSL versions prior to 1.0.1 will + not be used as they do not support TLS 1.2. If specified, + DIR should contain the OpenSSL include and lib directories. + + --enable-openssl-pkgconfig-template=template + A printf-style template used to construct the name of the + openssl and libcrypto pkg-config files. For example, a + template of "e%s30" would cause "eopenssl30" and "libecrypto30" + to be used instead. This makes it possible to link with + the OpenSSL 3.0 package on OpenBSD. Defaults to "%s". + + --enable-wolfssl[=DIR] + Use wolfSSL's TLS and SHA-2 message digest functions. If + specified, DIR should contain the OpenSSL include and lib + directories. + +### Development options: + + --enable-env-debug + Enable debugging of the environment setting functions. This + enables extra checks to make sure the environment does not + become corrupted. + + --enable-warnings + Enable compiler warnings when building sudo with gcc or clang. + + --enable-werror + Enable the -Werror compiler option when building sudo with + gcc or clang. + + --with-devel + Configure development options. This will enable compiler warnings + and set up the Makefile to be able to regenerate the sudoers parser + as well as the manual pages. 
+ +### Options that set runtime-changeable default values: + + --disable-authentication + By default, sudo requires the user to authenticate via a + password or similar means. This options causes sudo to + **not** require authentication. It is possible to turn + authentication back on in sudoers via the PASSWD attribute. + Sudoers option: !authenticate + + --disable-env-reset + Disable environment resetting. This sets the default value + of the "env_reset" Defaults option in sudoers to false. + Sudoers option: !env_reset + + --disable-path-info + Normally, sudo will tell the user when a command could not be found + in their $PATH. Some sites may wish to disable this as it could + be used to gather information on the location of executables that + the normal user does not have access to. The disadvantage is that + if the executable is simply not in the user's path, sudo will tell + the user that they are not allowed to run it, which can be confusing. + Sudoers option: path_info + + --disable-root-sudo + Don't let root run sudo. This can be used to prevent people from + "chaining" sudo commands to get a root shell by doing something + like `sudo sudo /bin/sh`. + Sudoers option: !root_sudo + + --disable-zlib + Disable the use of the zlib compress library when storing + I/O log files. + Sudoers option: !compress_io + + --enable-log-host + Log the hostname in the log file. + Sudoers option: log_host + + --enable-noargs-shell + If sudo is invoked with no arguments it acts as if the "-s" flag had + been given. That is, it runs a shell as root (the shell is determined + by the SHELL environment variable, falling back on the shell listed + in the invoking user's `/etc/passwd` entry). + Sudoers option: shell_noargs + + --enable-shell-sets-home + If sudo is invoked with the "-s" flag the HOME environment variable + will be set to the home directory of the target user (which is root + unless the "-u" option is used). This option effectively makes the + "-s" flag imply "-H". 
+ Sudoers option: set_home + + --enable-timestamp-type=TYPE + Set the default time stamp record type. The TYPE may be "global" + (a single record per user), "ppid" (a single record for process + with the same parent process), or "tty" (a separate record for + each login session). The default is "tty". + Sudoers option: timestamp_type + + --with-all-insults + Include all the insult sets listed below. You must either specify + --with-insults or enable insults in the sudoers file for this to + have any effect. + + --with-askpass=PATH + Set PATH as the "askpass" program to use when no tty is + available. Typically, this is a graphical password prompter, + similar to the one used by ssh. The program must take a + prompt as an argument and print the received password to + the standard output. This value may overridden at run-time + in the sudo.conf file. + + --with-badpass-message="BAD PASSWORD MESSAGE" + Message that is displayed if a user enters an incorrect password. + The default is "Sorry, try again." unless insults are turned on. + Sudoers option: badpass_message + + --with-badpri=PRIORITY + Determines which syslog priority to log unauthenticated + commands and errors. The following priorities are supported: + alert, crit, debug, emerg, err, info, notice, and warning. + Sudoers option: syslog_badpri + + --with-classic-insults + Uses insults from sudo "classic." If you just specify --with-insults + you will get the classic and CSOps insults. This is on by default if + --with-insults is given. + + --with-csops-insults + Insults the user with an extra set of insults (some quotes, some + original) from a sysadmin group at CU (CSOps). You must specify + --with-insults as well for this to have any effect. This is on by + default if --with-insults is given. + + --with-editor=PATH + Specify the default editor path for use by visudo. This may be a + single path name or a colon-separated list of editors. 
In the latter + case, visudo will choose the editor that matches the user's SUDO_EDITOR, + VISUAL or EDITOR environment variable, or the first editor in the list + that exists. The default is the path to vi on your system. + Sudoers option: editor + + --with-env-editor=no, --without-env-editor + By default, visudo will consult the SUDO_EDITOR, VISUAL and EDITOR + environment variables before falling back on the default editor list + (as specified by --with-editor). visudo is typically run as root so + this option may allow a user with visudo privileges to run arbitrary + commands as root without logging. Some sites may with to disable this + and use a colon-separated list of "safe" editors with the --with-editor + option. visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR + variables if they match a value specified via --with-editor. + Sudoers option: env_editor + + --with-exempt=GROUP + Users in the specified group don't need to enter a password when + running sudo. This may be useful for sites that don't want their + "core" sysadmins to have to enter a password but where Jr. sysadmins + need to. You should probably use NOPASSWD in sudoers instead. + Sudoers option: exempt_group + + --with-fqdn + Define this if you want to put fully qualified host names in the sudoers + file. Ie: instead of myhost you would use myhost.mydomain.edu. You may + still use the short form if you wish (and even mix the two). Beware + that turning FQDN on requires sudo to make DNS lookups which may make + sudo unusable if your DNS is totally hosed. Also note that you must + use the host's official name as DNS knows it. That is, you may not use + a host alias (CNAME entry) due to performance issues and the fact that + there is no way to get all aliases from DNS. + Sudoers option: fqdn + + --with-goodpri=PRIORITY + Determines which syslog priority to log successfully authenticated + commands. 
The following priorities are supported: alert, crit, debug, + emerg, err, info, notice, and warning. + Sudoers option: syslog_goodpri + + --with-python-insults + Insults the user with lines from "Monty Python's Flying Circus" when an + incorrect password is entered. You must either specify --with-insults or + enable insults in the sudoers file for this to have any effect. + + --with-goons-insults + Insults the user with lines from the "Goon Show" when an incorrect + password is entered. You must either specify --with-insults or + enable insults in the sudoers file for this to have any effect. + + --with-hal-insults + Uses 2001-like insults when an incorrect password is entered. + You must either specify --with-insults or enable insults in the + sudoers file for this to have any effect. + + --with-ignore-dot + If set, sudo will ignore "." or "" (current dir) in $PATH. + The $PATH itself is not modified. + Sudoers option: ignore_dot + + --with-insults + Define this if you want to be insulted for typing an incorrect password + just like the original sudo(8). This is off by default. + Sudoers option: insults + + --with-insults=disabled + Include support for insults but disable them unless explicitly + enabled in sudoers. + Sudoers option: !insults + + --with-iologdir[=DIR] + By default, sudo stores I/O log files in either /var/log/sudo-io, + /var/adm/sudo-io, or /usr/log/sudo-io. If this option is specified, + I/O logs will be stored in the indicated directory instead. + Sudoers option: iolog_dir + + --with-lecture=no, --without-lecture + Don't print the lecture the first time a user runs sudo. + Sudoers option: !lecture + + --with-logfac=FACILITY + Determines which syslog facility to log to. This requires + a 4.3BSD or later version of syslog. You can still set + this for ancient syslogs but it will have no effect. 
The + following facilities are supported: authpriv (if your OS + supports it), auth, daemon, user, local0, local1, local2, + local3, local4, local5, local6, and local7. + Sudoers option: syslog + + --with-logging=TYPE + How you want to do your logging. You may choose "syslog", + "file", or "both". Setting this to "syslog" is nice because + you can keep all of your sudo logs in one place (see the + example syslog.conf file). The default is "syslog". + Sudoers options: syslog and logfile + + --with-loglen=NUMBER + Number of characters per line for the file log. This is only used if + you are to "file" or "both". This value is used to decide when to wrap + lines for nicer log files. The default is 80. Setting this to 0 + will disable the wrapping. + Sudoers options: loglinelen + + --with-logpath=PATH + Override the default location of the sudo log file and use + "path" instead. By default will use /var/log/sudo.log if + there is a /var/log dir, falling back to /var/adm/sudo.log + or /usr/adm/sudo.log if not. + Sudoers option: logfile + + --with-long-otp-prompt + When validating with a One Time Password scheme (S/Key or + OPIE), a two-line prompt is used to make it easier to cut + and paste the challenge to a local window. It's not as + pretty as the default but some people find it more convenient. + Sudoers option: long_otp_prompt + + --with-mail-if-no-user=no, --without-mail-if-no-user + Normally, sudo will mail to the "alertmail" user if the user invoking + sudo is not in the sudoers file. This option disables that behavior. + Sudoers option: mail_no_user + + --with-mail-if-no-host + Send mail to the "alermail" user if the user exists in the sudoers + file, but is not allowed to run commands on the current host. + Sudoers option: mail_no_host + + --with-mail-if-noperms + Send mail to the "alermail" user if the user is allowed to use sudo but + the command they are trying is not listed in their sudoers file entry. 
+ Sudoers option: mail_no_perms + + --with-mailsubject="SUBJECT OF MAIL" + Subject of the mail sent to the "mailto" user. The token "%h" + will expand to the hostname of the machine. + The default value is "*** SECURITY information for %h ***". + Sudoers option: mailsub + + --with-mailto=USER|MAIL_ALIAS + User (or mail alias) that mail from sudo is sent to. + This should go to a sysadmin at your site. The default value is "root". + Sudoers option: mailto + + --with-passprompt="PASSWORD PROMPT" + Default prompt to use when asking for a password; can be overridden + via the -p option and the SUDO_PROMPT environment variable. Supports + the "%H", "%h", "%U" and "%u" escapes as documented in the sudo + manual page. The default value is "Password:". + Sudoers option: passprompt + + --with-password-timeout=NUMBER + Number of minutes before the sudo password prompt times out. + The default is 5, set this to 0 for no password timeout. + Sudoers option: passwd_timeout + + --with-passwd-tries=NUMBER + Number of tries a user gets to enter his/her password before sudo logs + the failure and exits. The default is 3. + Sudoers option: passwd_tries + + --with-runas-default=USER + The default user to run commands as if the -u flag is not specified + on the command line. This defaults to "root". + Sudoers option: runas_default + + --with-secure-path[=PATH] + Path used for every command run from sudo(8). If you don't trust + users to have a reasonable PATH environment variable you may want + to use this. Another use is if you want to have the "root path" + be separate from the "user path." You will need to customize the + path for your site. NOTE: this is not applied to users in the group + specified by --with-exemptgroup. If you do not specify a path, + "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. + Sudoers option: secure_path + + --with-sendmail=PATH + Override configure's guess as to the location of sendmail. 
+ Sudoers option: mailerpath + + --with-sendmail=no, --without-sendmail + Do not use sendmail to mail messages to the "mailto" user. + Use only if you don't run sendmail or the equivalent. + Sudoers options: !mailerpath or !mailto + + --with-sudoers-mode=MODE + File mode for the sudoers file (octal). Note that if you + wish to NFS-mount the sudoers file this must be group + readable. This value may overridden at run-time in the + sudo.conf file. The default mode is 0440. + + --with-sudoers-uid=UID + User id that "owns" the sudoers file. Note that this is + the numeric id, **not** the symbolic name. This value may + overridden at run-time in the sudo.conf file. The default + is 0. + + --with-sudoers-gid=GID + Group id that "owns" the sudoers file. Note that this is + the numeric id, **not** the symbolic name. This value may + overridden at run-time in the sudo.conf file. The default + is 0. + + --with-timeout=NUMBER + Number of minutes that can elapse before sudo will ask for a passwd + again. The default is 5, set it to 0 to always prompt for a password. + Sudoers option: timestamp_timeout + + --with-umask=MASK + Umask to use when running the root command. The default is 0022. + Sudoers option: umask + + --with-umask=no, --without-umask + Preserves the umask of the user invoking sudo. + Sudoers option: !umask + + --with-umask-override + Use the umask specified in sudoers even if it is less restrictive + than the user's. The default is to use the intersection of the + user's umask and the umask specified in sudoers. + Sudoers option: umask_override + +## OS dependent notes + +#### HP-UX + +The default C compiler shipped with HP-UX is not an ANSI compiler. +You must use either the HP ANSI C compiler or gcc to build sudo. +Binary packages of gcc are available from http://hpux.connect.org.uk/. 
+
+To prevent PAM from overriding the value of umask on HP-UX 11,
+you will need to add a line like the following to /etc/pam.conf:
+
+ sudo session required libpam_hpsec.so.1 bypass_umask
+
+#### Linux
+
+PAM and LDAP headers are not installed by default on most Linux
+systems. You will need to install the "pam-dev" (rpm) or libpam0g-dev
+(deb) package if `/usr/include/security/pam_appl.h` is not present
+on your system. If you wish to build with LDAP support you will
+also need the "openldap-devel" (rpm) or "libldap2-dev" (deb) package.
+
+#### macOS
+
+The pseudo-tty support in the Mac OS X kernel has bugs related to
+its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. It does
+not restart reads and writes when those signals are delivered. This
+may cause problems for some commands when I/O logging is enabled.
+The issue has been reported to Apple and is bug id #7952709.
+
+#### Solaris
+
+You need to have a C compiler in order to build sudo. Since Solaris
+does not come with one by default this means that you either need
+to either install the Solaris Studio compiler suite, available for
+free from www.oracle.com, or install the GNU C compiler (gcc) which
+is can be installed via the pkg utility on Solaris 11 and higher
+and is distributed on the Solaris Companion CD for older Solaris
+releases. You can also download gcc packages from
+http://www.opencsw.org/packages/CSWgcc4core/.
diff --git a/MANIFEST b/MANIFEST
index c35713def..565b506f9 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,12 +1,12 @@
 ABOUT-NLS
 ChangeLog
-INSTALL
+INSTALL.md
 INSTALL.configure
 MANIFEST
 Makefile.in
 NEWS
-README
-README.LDAP
+README.md
+README.LDAP.md
 aclocal.m4
 autogen.sh
 config.h.in
@@ -21,13 +21,13 @@ docker/ubuntu/devel/Dockerfile
 docker/ubuntu/latest/Dockerfile
 docker/ubuntu/rolling/Dockerfile
 docs/CONTRIBUTING.md
-docs/CONTRIBUTORS
-docs/HISTORY
-docs/LICENSE
+docs/CONTRIBUTORS.md
+docs/HISTORY.md
+docs/LICENSE.md
 docs/Makefile.in
 docs/SECURITY.md
-docs/TROUBLESHOOTING
-docs/UPGRADE
+docs/TROUBLESHOOTING.md
+docs/UPGRADE.md
 docs/cvtsudoers.man.in
 docs/cvtsudoers.mdoc.in
 docs/fixman.sh
diff --git a/README b/README
deleted file mode 100644
index abb828098..000000000
--- a/README
+++ /dev/null
@@ -1,84 +0,0 @@ -The sudo philosophy -=================== -Sudo is a program designed to allow a sysadmin to give limited root privileges -to users and log root activity. The basic philosophy is to give as few -privileges as possible but still allow people to get their work done. - -Where to find sudo -================== -Before you try and build sudo, *please* make sure you have the current -version. The latest sudo may always be gotten via anonymous ftp from -ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site, -https://www.sudo.ws/ - -The distribution is sudo-M.m.tar.gz where `M' is the major version -number and `m' is the minor version number. BETA versions of sudo may -also be available. If you join the `sudo-workers' mailing list you -will get the BETA announcements (see the `Mailing lists' section below). - -What's new -========== -See the NEWS file for a list of major changes in this release. -For a complete list of changes, see the ChangeLog file. For a -summary of major changes to the current stable release, see the web -page, https://www.sudo.ws/stable.html. - -If you are upgrading from an earlier version of Sudo, please see -the UPGRADE file in the docs directory. - -For a history of sudo please see the HISTORY file in the docs directory. -You can find a list of contributors to sudo in the docs/CONTRIBUTORS file. - -Building the release -==================== -Please read the installation guide in the `INSTALL' file before trying to -build sudo. Pay special attention to the "OS dependent notes" section. - -Copyright -========= -Sudo is distributed under an ISC-style license. -Please refer to the `LICENSE' file included with the release for details. - -Mailing lists -============= -sudo-announce This list receives announcements whenever a new version - of sudo is released. - https://www.sudo.ws/mailman/listinfo/sudo-announce - -sudo-blog This list receives a message when a new sudo blog - article is available. 
- https://www.sudo.ws/mailman/listinfo/sudo-blog - -sudo-commits This list receives a message for each commit made to - the sudo source repository. - https://www.sudo.ws/mailman/listinfo/sudo-commits - -sudo-users This list is for questions and general discussion about sudo. - https://www.sudo.ws/mailman/listinfo/sudo-users - -sudo-workers This list is for people working on and porting sudo. - https://www.sudo.ws/mailman/listinfo/sudo-workers - -To subscribe to a list, visit its url (as listed above) and enter -your email address to subscribe. Digest versions are available but -these are fairly low traffic lists so the digest versions are not -a significant win. - -Mailing list archives are also available. See the mailing list web sites -for the appropriate links. - -Web page -======== -There is a sudo web page at https://www.sudo.ws/ that contains an -overview of sudo, documentation, downloads, a bug tracker, information -about beta versions and other useful info. - -Bug reports -=========== -If you have found what you believe to be a bug, you can file a bug -report in the sudo bug database, on the web at https://bugzilla.sudo.ws/. - -Please read over the `TROUBLESHOOTING' file in the docs directory *before* -submitting a bug report. When reporting bugs, please be sure to include -the version of sudo you are using as well as the platform you are running -it on. diff --git a/README.LDAP b/README.LDAP.md similarity index 72% rename from README.LDAP rename to README.LDAP.md index 4680d43a5..9e6397f8a 100644 --- a/README.LDAP +++ b/README.LDAP.md @@ -11,6 +11,7 @@ non LDAP-enabled build. LDAP philosophy =============== + As times change and servers become cheap, an enterprise can easily have 500+ UNIX servers. Using LDAP to synchronize Users, Groups, Hosts, Mounts, and others across an enterprise can greatly reduce the administrative overhead. 
@@ -27,6 +28,7 @@ For information on OpenLDAP, please see http://www.openldap.org/. Definitions =========== + Many times the word 'Directory' is used in the document to refer to the LDAP server, structure and contents. @@ -35,25 +37,27 @@ They are one and the same. Build instructions ================== -The simplest way to build sudo with LDAP support is to include the -'--with-ldap' option. - $ ./configure --with-ldap +The simplest way to build sudo with LDAP support is to include the +`--with-ldap` option. + + $ ./configure --with-ldap If your ldap libraries and headers are in a non-standard place, you will need to specify them at configure time. E.g. - $ ./configure --with-ldap=/usr/local/ldapsdk + $ ./configure --with-ldap=/usr/local/ldapsdk Sudo is developed using OpenLDAP but Netscape-based LDAP libraries (such as those present in Solaris) are also known to work. Your mileage may vary. Please let the sudo workers mailing list - know if special configuration was required +sudo-workers@sudo.ws know if special configuration was required to build an LDAP-enabled sudo so we can improve sudo. Schema Changes ============== + You must add the appropriate schema to your LDAP server before it can store sudoers content. @@ -61,13 +65,13 @@ For OpenLDAP, there are two options, depending on how slapd is configured. The first option is to copy the file schema.OpenLDAP to the schema directory (e.g. /etc/openldap/schema). You must then edit your -slapd.conf and add an include line the new schema, e.g. +slapd.conf and add an include line the new schema, for example: # Sudo LDAP schema include /etc/openldap/schema/sudo.schema In order for sudoRole LDAP queries to be efficient, the server must index -the attribute 'sudoUser', e.g. +the attribute 'sudoUser', for example: # Indices to maintain index sudoUser eq 
@@ -86,14 +90,14 @@ You can apply schema.olcSudo using the ldapadd utility or another suitable LDAP browser. For example: # ldapadd -f schema.olcSudo -H ldap://ldapserver -W -x \ - -D cn=Manager,dc=example,dc=com + -D cn=Manager,dc=example,dc=com There is no need to restart slapd when updating on-line configuration. For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory, copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif. -On Solaris, schemas are stored in /var/Sun/mps/slapd-`hostname`/config/schema/. +On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/. For Fedora Directory Server, they are stored in /etc/dirsrv/schema/. After copying the schema file to the appropriate directory, restart 
@@ -112,74 +116,82 @@ to your Windows domain controller and run the following command: Importing /etc/sudoers into LDAP ================================ + Importing sudoers is a two-step process. -Step 1: -Ask your LDAP Administrator where to create the ou=SUDOers container. - -For instance, if using OpenLDAP: - - dn: ou=SUDOers,dc=example,dc=com - objectClass: top - objectClass: organizationalUnit - ou: SUDOers +1. Ask your LDAP Administrator where to create the ou=SUDOers container. + For instance, if using OpenLDAP: +``` + dn: ou=SUDOers,dc=example,dc=com + objectClass: top + objectClass: organizationalUnit + ou: SUDOers +``` (An example location is shown below). Then use the cvtsudoers utility to convert your sudoers file into LDIF format. +``` + # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com + # export SUDOERS_BASE + # cvtsudoers -f ldif -o /tmp/sudoers.ldif /etc/sudoers +``` - # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com - # export SUDOERS_BASE - # cvtsudoers -f ldif -o /tmp/sudoers.ldif /etc/sudoers +2. Import into your directory server. The following example is for + OpenLDAP. If you are using another directory, provide the LDIF + file to your LDAP Administrator. +``` + # ldapadd -f /tmp/sudoers.ldif -H ldap://ldapserver \ + -D cn=Manager,dc=example,dc=com -W -x +``` -Step 2: -Import into your directory server. The following example is for -OpenLDAP. If you are using another directory, provide the LDIF -file to your LDAP Administrator. - - # ldapadd -f /tmp/sudoers.ldif -H ldap://ldapserver \ - -D cn=Manager,dc=example,dc=com -W -x - -Step 3: -Verify the sudoers LDAP data: - - # ldapsearch -b "$SUDOERS_BASE" -D cn=Manager,dc=example,dc=com -W -x +3. Verify the sudoers LDAP data: +``` + # ldapsearch -b "$SUDOERS_BASE" -D cn=Manager,dc=example,dc=com -W -x +``` Managing LDAP entries ===================== + Doing a one-time bulk load of your ldap entries is fine. However what if you need to make minor changes on a daily basis? 
It doesn't make sense to delete and re-add objects. (You can, but this is tedious). I recommend using any of the following LDAP browsers to administer your SUDOers. - * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux - and since it is Schema aware, I don't need to create a sudoRole template. - http://sourceforge.net/projects/gqclient/ - * phpQLAdmin - Open Source - phpQLAdmin is an administration tool, - originally for QmailLDAP, that supports editing sudoRole objects - in version 2.3.2 and higher. - http://phpqladmin.com/ + * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux + and since it is Schema aware, I don't need to create a sudoRole template. - * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows - and Solaris. It runs anywhere in a Java Virtual Machine including - web pages. You have to make a template from an existing sudoRole entry. - http://www.iit.edu/~gawojar/ldap - http://www.mcs.anl.gov/~gawor/ldap - http://ldapmanager.com + http://sourceforge.net/projects/gqclient/ + + * phpQLAdmin - Open Source - phpQLAdmin is an administration tool, + originally for QmailLDAP, that supports editing sudoRole objects + in version 2.3.2 and higher. + + http://phpqladmin.com/ + + * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows + and Solaris. It runs anywhere in a Java Virtual Machine including + web pages. You have to make a template from an existing sudoRole entry. + + http://www.iit.edu/~gawojar/ldap + http://www.mcs.anl.gov/~gawor/ldap + http://ldapmanager.com + + * Apache Directory Studio - Open Source - an Eclipse-based LDAP + development platform. Includes an LDAP browser, and LDIF editor, + a schema editor and more. - * Apache Directory Studio - Open Source - an Eclipse-based LDAP - development platform. Includes an LDAP browser, and LDIF editor, - a schema editor and more. 
http://directory.apache.org/studio There are dozens of others, some Open Source, some free, some not. Configure your /etc/ldap.conf and /etc/nsswitch.conf ==================================================== + The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap and other ldap applications and modules. IBM Secureway unfortunately uses the same file name but has a different syntax. If you need to change where -this file is stored, re-run configure with the --with-ldap-conf-file=PATH +this file is stored, re-run configure with the `--with-ldap-conf-file=PATH` option. See the "Configuring ldap.conf" section in the sudoers.ldap manual @@ -192,12 +204,13 @@ After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf" section in the sudoers.ldap manual for details. Note that sudo will use /etc/nsswitch.conf even if the underlying operating system does not support it. -To disable nsswitch support, run configure with the --with-nsswitch=no option. +To disable nsswitch support, run configure with the `--with-nsswitch=no` option. This will cause sudo to consult LDAP first and /etc/sudoers second, unless the ignore_sudoers_file flag is set in the global LDAP options. Debugging your LDAP configuration ================================= + Enable debugging if you believe sudo is not parsing LDAP the way you think it should. Setting the 'sudoers_debug' parameter to a value of 1 shows moderate debugging. A value of 2 shows the results of the matches themselves. Make diff --git a/README.md b/README.md new file mode 100644 index 000000000..d3e4786e6 --- /dev/null +++ b/README.md 
@@ -0,0 +1,103 @@
+## The sudo philosophy
+
+Sudo is a program designed to allow a sysadmin to give limited root privileges
+to users and log root activity. The basic philosophy is to give as few
+privileges as possible but still allow people to get their work done.
+
+## Where to find sudo
+
+Before you try and build sudo, *please* make sure you have the current
+version. The latest sudo may always be gotten via anonymous ftp from
+ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site,
+https://www.sudo.ws/
+
+The distribution is sudo-M.m.tar.gz where _M_ is the major version
+number and _m_ is the minor version number. Beta versions of sudo may
+also be available. If you join the _sudo-workers_ mailing list you
+will get the beta announcements (see the Mailing lists section below).
+
+## What's new
+
+See the NEWS file for a list of major changes in this release. For
+a complete list of changes, see the [ChangeLog](ChangeLog).
+For a summary of major changes to the current stable release, see
+https://www.sudo.ws/releases/stable/.
+
+If you are upgrading from an earlier version of Sudo, please read
+[docs/UPGRADE.md](docs/UPGRADE.md) for information on changes in
+behavior that may affect you.
+
+For a history of sudo please see [docs/HISTORY.md](docs/HISTORY.md).
+You can find a list of contributors to sudo in
+[docs/CONTRIBUTORS.md](docs/CONTRIBUTORS.md).
+
+## Building the release
+
+Please read the installation guide, [INSTALL.md](INSTALL.md), before
+trying to build sudo. Pay special attention to the "OS dependent notes"
+section.
+
+## How to contribute
+
+See [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) for information on
+how you can help contribute to sudo.
+
+## Copyright
+
+Sudo is distributed under an ISC-style license.
+Please refer to [docs/LICENSE.md](docs/LICENSE.md) for details.
+
+## Mailing lists
+
+#### sudo-announce
+
+This list receives announcements whenever a new version of sudo is
+released. https://www.sudo.ws/mailman/listinfo/sudo-announce
+
+#### sudo-blog
+
+This list receives a message when a new sudo blog article is
+available. https://www.sudo.ws/mailman/listinfo/sudo-blog
+
+#### sudo-commits
+
+This list receives a message for each commit made to the sudo source
+repository. https://www.sudo.ws/mailman/listinfo/sudo-commits
+
+#### sudo-users
+
+This list is for questions and general discussion about sudo.
+https://www.sudo.ws/mailman/listinfo/sudo-users
+
+#### sudo-workers
+
+This list is for people working on and porting sudo.
+https://www.sudo.ws/mailman/listinfo/sudo-workers
+
+To subscribe to a list, visit its url (listed above) and enter your
+email address to subscribe. Digest versions are available but these are
+fairly low traffic lists so the digest versions are not a significant win.
+
+Mailing list archives are also available. See the mailing list web sites
+for the appropriate links.
+
+## Web page
+
+There is a sudo web page at https://www.sudo.ws/ that contains an overview
+of sudo, documentation, downloads, a bug tracker, the sudo blog, information
+about beta versions and other useful info.
+
+## Bug reports
+
+If you have found what you believe to be a bug, you can file a bug
+report in the sudo bug database, at https://bugzilla.sudo.ws/.
+Alternately, you can file a GitHub issue if that is easier for you
+at https://github.com/sudo-project/sudo/issues/.
+
+Please see [docs/SECURITY.md](docs/SECURITY.md) for our security
+policy and how to report security issues.
+
+Please read over [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md)
+*before* submitting a bug report. When reporting bugs, please be
+sure to include the version of sudo you are using as well as the
+platform you are running it on.
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index d1a265ed5..ead78b975 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -5,9 +5,9 @@ number of way you can help make Sudo better. ## Getting started -To get an overview of Sudo, please read the [README](../README). There -are multiple ways to contribute, some of which don't require writing -a single line of code. +To get an overview of Sudo, please read the [README.md](../README.md). +There are multiple ways to contribute, some of which don't require +writing a single line of code. ## Filing bug reports/issues @@ -18,8 +18,8 @@ email, messages may be sent to the [sudo-workers@sudo.ws mailing list](https://www.sudo.ws/mailman/listinfo/sudo-workers) (public) or to sudo@sudo.ws (private). -For information on reporting security issues, please see the -[SECURITY](docs/SECURITY.md) file. +For information on reporting security issues, please see +[SECURITY.md](SECURITY.md). Please include the version of sudo you are using, the operating system and/or distro that is affected, and step-by-step instructions diff --git a/docs/CONTRIBUTORS b/docs/CONTRIBUTORS.md similarity index 97% rename from docs/CONTRIBUTORS rename to docs/CONTRIBUTORS.md index 9f2be7625..cebb3730a 100644 --- a/docs/CONTRIBUTORS +++ b/docs/CONTRIBUTORS.md @@ -1,6 +1,6 @@ -The following list of people, sorted by last name, have contributed +The following list of people, sorted by last name, have contributed code or patches to this implementation of sudo since I began -maintaining it in 1993. This list is known to be incomplete--if +maintaining it in 1993. This list is known to be incomplete--if you believe you should be listed, please send a note to sudo@sudo.ws. Ackeret, Matt diff --git a/docs/HISTORY b/docs/HISTORY.md similarity index 91% rename from docs/HISTORY rename to docs/HISTORY.md index 61f2c885e..700525bce 100644 --- a/docs/HISTORY +++ b/docs/HISTORY.md 
@@ -1,6 +1,7 @@ -A Brief History of Sudo: +A Brief History of Sudo +======================= -The Early Years +## The Early Years Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on @@ -8,19 +9,19 @@ a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel, Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to the net.sources Usenet newsgroup in December of 1985. -Sudo at CU-Boulder +## Sudo at CU-Boulder In the Summer of 1986, Garth Snyder released an enhanced version of sudo. For the next 5 years, sudo was fed and watered by a handful of folks at CU-Boulder, including Bob Coggeshall, Bob Manchek, and Trent Hein. -Root Group Sudo +## Root Group Sudo In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo with an enhanced sudoers format under contract to a consulting firm called "The Root Group". This version was later released under the GNU public license. -CU Sudo +## CU Sudo In 1994, after maintaining sudo informally within CU-Boulder for some time, Todd C. Miller made a public release of "CU sudo" (version 1.3) with bug @@ -35,7 +36,7 @@ In 1996, Todd, who had been maintaining sudo for several years in his spare time, moved distribution of sudo from a CU-Boulder ftp site to his domain, courtesan.com. -Just Plain Sudo +## Just Plain Sudo In 1999, the "CU" prefix was dropped from the name since there had been no formal release of sudo from "The Root Group" since 1991 (the original 
@@ -46,20 +47,20 @@ license. In 2001, the sudo web site, ftp site and mailing lists were moved from courtesan.com to the sudo.ws domain (sudo.org was already taken). -LDAP Integration +## LDAP Integration In 2003, Nationwide Mutual Insurance Company contributed code written by Aaron Spangler to store the sudoers data in LDAP. These changes were incorporated into Sudo 1.6.8. -New Parser +## New Parser In 2005, Todd rewrote the sudoers parser to better support the features that had been added in the past ten years. This new parser removes some limitations of the previous one, removes ordering constraints and adds support for including multiple sudoers files. -Quest Sponsorship +## Quest Sponsorship In 2010, Quest Software began sponsoring Sudo development by hiring Todd to work on Sudo as part of his full-time job. This enabled @@ -67,10 +68,10 @@ the addition of I/O logging, the plugin API, the log server, additional regression and fuzz tests, support for binary packages and more regular releases. -Present Day +## Present Day Sudo, in its current form, is maintained by: - Todd C. Miller + Todd C. Miller Todd continues to enhance sudo and fix bugs. diff --git a/docs/LICENSE b/docs/LICENSE deleted file mode 100644 index 85e9a3d1f..000000000 --- a/docs/LICENSE +++ /dev/null 
@@ -1,347 +0,0 @@ -Sudo is distributed under the following license: - - Copyright (c) 1994-1996, 1998-2021 - Todd C. Miller - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - Sponsored in part by the Defense Advanced Research Projects - Agency (DARPA) and Air Force Research Laboratory, Air Force - Materiel Command, USAF, under agreement number F39502-99-1-0512. - -The Python plugin bindings bear the following license: - - Copyright (c) 2019-2020 Robert Manner - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
- -The files hostcheck.c and hostcheck.h bear the following license: - - Copyright (c) 2020 Laszlo Orban - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file redblack.c bears the following license: - - Copyright (c) 2001 Emin Martinian - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that neither the name of Emin - Martinian nor the names of any contributors are be used to endorse or - promote products derived from this software without specific prior - written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- -The file sssd.c bears the following license: - - Copyright (c) 2011 Daniel Kopecek - - This code is derived from software contributed by Aaron Spangler. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files bsm_audit.c and bsm_audit.h bear the following license: - - Copyright (c) 2009 Christian S.J. Peron - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files solaris_audit.c and solaris_audit.h bear the following license: - - Copyright (c) 2014, Oracle and/or its affiliates. 
- - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file reallocarray.c bears the following license: - - Copyright (c) 2008 Otto Moerbeek - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files getcwd.c, glob.c, glob.h, snprintf.c and sudo_queue.h bear the -following license: - - Copyright (c) 1989, 1990, 1991, 1993 - The Regents of the University of California. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. 
Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -The file fnmatch.c bears the following license: - - Copyright (c) 2011, VMware, Inc. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the VMware, Inc. 
nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR - ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -The file getopt_long.c bears the following license: - - Copyright (c) 2000 The NetBSD Foundation, Inc. - All rights reserved. - - This code is derived from software contributed to The NetBSD Foundation - by Dieter Baron and Thomas Klausner. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -The file inet_pton.c bears the following license: - - Copyright (c) 1996 by Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - SOFTWARE. - -The file arc4random.c bears the following license: - - Copyright (c) 1996, David Mazieres - Copyright (c) 2008, Damien Miller - Copyright (c) 2013, Markus Friedl - Copyright (c) 2014, Theo de Raadt - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file arc4random_uniform.c bears the following license: - - Copyright (c) 2008, Damien Miller - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file getentropy.c bears the following license: - - Copyright (c) 2014 Theo de Raadt - Copyright (c) 2014 Bob Beck - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
- -The embedded copy of zlib bears the following license: - - Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - Jean-loup Gailly Mark Adler - jloup@gzip.org madler@alumni.caltech.edu - -The embedded copy of protobuf-c bears the following license: - - Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/docs/LICENSE.md b/docs/LICENSE.md new file mode 100644 index 000000000..68df8129d --- /dev/null +++ b/docs/LICENSE.md 
@@ -0,0 +1,347 @@
+Sudo is distributed under the following license:
+
+ Copyright (c) 1994-1996, 1998-2021
+ Todd C. Miller
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ Sponsored in part by the Defense Advanced Research Projects
+ Agency (DARPA) and Air Force Research Laboratory, Air Force
+ Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+The Python plugin bindings bear the following license:
+
+ Copyright (c) 2019-2020 Robert Manner
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The files hostcheck.c and hostcheck.h bear the following license:
+
+ Copyright (c) 2020 Laszlo Orban
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The file redblack.c bears the following license:
+
+ Copyright (c) 2001 Emin Martinian
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that neither the name of Emin
+ Martinian nor the names of any contributors are be used to endorse or
+ promote products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+The file sssd.c bears the following license:
+
+ Copyright (c) 2011 Daniel Kopecek
+
+ This code is derived from software contributed by Aaron Spangler.
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The files bsm_audit.c and bsm_audit.h bear the following license:
+
+ Copyright (c) 2009 Christian S.J. Peron
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The files solaris_audit.c and solaris_audit.h bear the following license:
+
+ Copyright (c) 2014, Oracle and/or its affiliates.
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The file reallocarray.c bears the following license:
+
+ Copyright (c) 2008 Otto Moerbeek
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The files getcwd.c, glob.c, glob.h, snprintf.c and sudo_queue.h bear the
+following license:
+
+ Copyright (c) 1989, 1990, 1991, 1993
+ The Regents of the University of California. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1.
Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+The file fnmatch.c bears the following license:
+
+ Copyright (c) 2011, VMware, Inc.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * Neither the name of the VMware, Inc.
nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR
+ ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+The file getopt_long.c bears the following license:
+
+ Copyright (c) 2000 The NetBSD Foundation, Inc.
+ All rights reserved.
+
+ This code is derived from software contributed to The NetBSD Foundation
+ by Dieter Baron and Thomas Klausner.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+The file inet_pton.c bears the following license:
+
+ Copyright (c) 1996 by Internet Software Consortium.
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ SOFTWARE.
+
+The file arc4random.c bears the following license:
+
+ Copyright (c) 1996, David Mazieres
+ Copyright (c) 2008, Damien Miller
+ Copyright (c) 2013, Markus Friedl
+ Copyright (c) 2014, Theo de Raadt
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The file arc4random_uniform.c bears the following license:
+
+ Copyright (c) 2008, Damien Miller
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The file getentropy.c bears the following license:
+
+ Copyright (c) 2014 Theo de Raadt
+ Copyright (c) 2014 Bob Beck
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The embedded copy of zlib bears the following license:
+
+ Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
+
+ This software is provided 'as-is', without any express or implied
+ warranty. In no event will the authors be held liable for any damages
+ arising from the use of this software.
+
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+
+ 1. The origin of this software must not be misrepresented; you must not
+ claim that you wrote the original software. If you use this software
+ in a product, an acknowledgment in the product documentation would be
+ appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+ misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.
+
+ Jean-loup Gailly Mark Adler
+ jloup@gzip.org madler@alumni.caltech.edu
+
+The embedded copy of protobuf-c bears the following license:
+
+ Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/docs/Makefile.in b/docs/Makefile.in
index 1526891c7..19ca55317 100644
--- a/docs/Makefile.in
+++ b/docs/Makefile.in
@@ -88,11 +88,13 @@ DEVDOCS = $(srcdir)/cvtsudoers.man.in $(srcdir)/sudo.conf.man.in \
 $(srcdir)/sudoers.man.in $(srcdir)/sudoers_timestamp.man.in \
 $(srcdir)/sudoreplay.man.in $(srcdir)/visudo.man.in
-OTHER_DOCS = $(top_srcdir)/ChangeLog $(top_srcdir)/README \
- $(top_srcdir)/NEWS $(srcdir)/HISTORY $(srcdir)/CONTRIBUTORS \
- $(srcdir)/LICENSE $(srcdir)/TROUBLESHOOTING $(srcdir)/UPGRADE
+OTHER_DOCS = $(top_srcdir)/ChangeLog $(top_srcdir)/NEWS \
+ $(top_srcdir)/README.md $(srcdir)/CONTRIBUTING.md \
+ $(srcdir)/CONTRIBUTORS.md $(srcdir)/HISTORY.md \
+ $(srcdir)/LICENSE.md $(srcdir)/SECURITY.md \
+ $(srcdir)/TROUBLESHOOTING.md $(srcdir)/UPGRADE.md
-OTHER_DOCS_LDAP = $(top_srcdir)/README.LDAP $(srcdir)/schema.*
+OTHER_DOCS_LDAP = $(top_srcdir)/README.LDAP.md $(srcdir)/schema.*
 VERSION = @PACKAGE_VERSION@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
diff --git a/docs/TROUBLESHOOTING b/docs/TROUBLESHOOTING
deleted file mode 100644
index bc7f1a6e0..000000000
--- a/docs/TROUBLESHOOTING
+++ /dev/null
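Review bot: The new OTHER_DOCS list adds `$(srcdir)/SECURITY.md`, but nothing in this commit creates or renames a file by that name — it is absent from the diffstat, unlike docs/CONTRIBUTING.md, which is listed as modified and so is known to exist. If docs/SECURITY.md is not already in the tree, any install or dist rule that expands OTHER_DOCS will fail on the missing file, so this is worth confirming before merge. It is also worth checking that SECURITY.md (and the other renamed .md files) are carried in MANIFEST, which this commit touches, so that release tarballs are not missing documents the Makefile now expects.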
@@ -1,295 +0,0 @@
-Troubleshooting tips and FAQ for Sudo
-=====================================
-
-Q) When I run configure, it says "C compiler cannot create executables".
-A) This usually means you either don't have a working compiler. This
- could be due to the lack of a license or that some component of the
- compiler suite could not be found. Check config.log for clues as
- to why this is happening. On many systems, compiler components live
- in /usr/ccs/bin which may not be in your PATH environment variable.
-
-Q) When I run configure, it says "sudo requires the 'ar' utility to build".
-A) As part of the build process, sudo creates a temporary library containing
- objects that are shared amongst the different sudo executables.
- On Unix systems, the "ar" utility is used to do this. This error
- indicates that "ar" is missing on your system. On Solaris systems,
- you may need to install the SUNWbtool package. On other systems
- "ar" may be included in the GNU binutils package.
-
-Q) Sudo compiles and installs OK but when I try to run it I get:
- /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set
-A) Sudo must be setuid root to do its work. Either /usr/local/bin/sudo
- is not owned by uid 0 or the setuid bit is not set. This should have
- been done for you by "make install" but you can fix it manually by
- running the following as root:
- # chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo
-
-Q) Sudo compiles and installs OK but when I try to run it I get:
- effective uid is not 0, is /usr/local/bin/sudo on a file system with the
- 'nosuid' option set or an NFS file system without root privileges?
-A) The owner and permissions on the sudo binary appear to be OK but when
- sudo ran, the setuid bit did not have an effect. There are two common
- causes for this. The first is that the file system the sudo binary
- is located on is mounted with the 'nosuid' mount option, which disables
- setuid binaries.
The output of the "mount" command should tell you if
- the file system is mounted with the 'nosuid' option. The other possible
- cause is that sudo is installed on an NFS-mounted file system that is
- exported without root privileges. By default, NFS file systems are
- exported with uid 0 mapped to a non-privileged uid (usually -2). You
- should be able to determine whether sudo is located on an NFS-mounted
- filesystem by running "df `which sudo'".
-
-Q) Sudo never gives me a chance to enter a password using PAM, it just
- says 'Sorry, try again.' three times and exits.
-A) You didn't setup PAM to work with sudo. On RedHat Linux or Fedora
- Core this generally means installing the sample pam.conf file as
- /etc/pam.d/sudo. See the example pam.conf file for hints on what
- to use for other Linux systems.
-
-Q) Sudo says 'Account expired or PAM config lacks an "account"
- section for sudo, contact your system administrator' and exits
- but I know my account has not expired.
-A) Your PAM config lacks an "account" specification. On Linux this
- usually means you are missing a line like:
- account required pam_unix.so
- in /etc/pam.d/sudo.
-
-Q) Sudo is setup to log via syslog(3) but I'm not getting any log
- messages.
-A) Make sure you have an entry in your syslog.conf file to save
- the sudo messages (see the example syslog.conf file). The default
- log facility is authpriv (changeable via configure or in sudoers).
- Don't forget to send a SIGHUP to your syslogd so that it re-reads
- its conf file. Also, remember that syslogd does *not* create
- log files, you need to create the file before syslogd will log
- to it (ie: touch /var/log/sudo).
- Note: the facility (e.g. "auth.debug") must be separated from the
- destination (e.g. "/var/log/auth" or "@loghost") by
- tabs, *not* spaces. This is a common error.
-
-Q) When sudo asks me for my password it never accepts what I enter even
- though I know I entered my password correctly.
-A) If you are not using pam and your system uses shadow passwords,
- it is possible that sudo didn't properly detect that shadow
- passwords are in use. Take a look at the generated config.h
- file and verify that the C function used for shadow password
- look ups was detected. For instance, for SVR4-style shadow
- passwords, HAVE_GETSPNAM should be defined (you can search for
- the string "shadow passwords" in config.h with your editor).
- Note that there is no define for 4.4BSD-based shadow passwords
- since that just uses the standard getpw* routines.
-
-Q) Can sudo use the ssh agent for authentication instead of asking
- for the user's Unix password?
-A) Not directly, but you can use a PAM module like pam_ssh_agent_auth
- or pam_ssh for this purpose.
-
-Q) I don't want the sudoers file in /etc, how can I specify where it
- should go?
-A) Use the --sysconfdir option to configure. Ie:
- configure --sysconfdir=/dir/you/want/sudoers/in
-
-Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a
- copy on each machine?
-A) There is no support for making an NIS/NIS+ map/table out of
- the sudoers file at this time. You can distribute the sudoers
- file via rsync or rdist. It is also possible to NFS-mount the
- sudoers file. If you use LDAP at your site you may be interested
- in sudo's LDAP sudoers support, see the README.LDAP file and the
- sudoers.ldap manual.
-
-Q) I don't run sendmail on my machine. Does this mean that I cannot
- use sudo?
-A) No, you just need to disable mailing with a line like:
- Defaults !mailerpath
- in your sudoers file or run configure with the --without-sendmail
- option.
-
-Q) When I run visudo it uses vi as the editor and I hate vi. How
- can I make it use another editor?
-A) You can specify the editor to use in visudo in the sudoers file.
- See the "editor" and "env_editor" entries in the sudoers manual.
- The defaults can also be set at configure time using the
- --with-editor and --with-env-editor configure options.
-
-Q) Sudo appears to be removing some variables from the environment, why?
-A) By default, sudo runs commands with a new, minimal environment.
- The "env_keep" setting in sudoers can be used to control which
- environment variables are preserved from the invoking user's
- environment via the "env_keep" setting in sudoers.
-
- While it is possible to disable the "env_reset" setting, which
- will preserve all environment variables that don't match a black
- list, doing so is strongly discouraged. See the "Command
- environment" section of the sudoers manual for more information.
-
-Q) Why does sudo reset the HOME environment variable?
-A) Many programs use the HOME environment variable to locate
- configuration and data files. Often, these configuration files
- are treated as trusted input that affects how the program operates.
- By controlling the configuration files, a user may be able to
- cause the program to execute other commands without sudo's
- restrictions or logging.
-
- Some programs perform extra checks when the real and effective
- user-IDs differ, but because sudo runs commands with all user-IDs
- set to the target user, these checks are insufficient.
-
- While it is possible to preserve the value of the HOME environment
- variable by adding it to the "env_keep" list in the sudoers file,
- doing so is strongly discouraged. Users wishing to edit files
- with sudo should run sudoedit (or sudo -e) to get their accustomed
- editor configuration instead of invoking the editor directly.
-
-Q) How can I keep sudo from asking for a password?
-A) To specify this on a per-user (and per-command) basis, use the
- 'NOPASSWD' tag right before the command list in sudoers. See
- the sudoers man page and examples/sudoers for details. To disable
- passwords completely, add !authenticate" to the Defaults line
- in /etc/sudoers. You can also turn off authentication on a
- per-user or per-host basis using a user or host-specific Defaults
- entry in sudoers.
To hard-code the global default, you can
- configure with the --without-passwd option.
-
-Q) When I run configure, it dies with the following error:
- "no acceptable cc found in $PATH".
-A) /usr/ucb/cc was the only C compiler that configure could find.
- You need to tell configure the path to the "real" C compiler
- via the --with-CC option. On Solaris, the path is probably
- something like "/opt/SUNWspro/SC4.0/bin/cc". If you have gcc
- that will also work.
-
-Q) When I run configure, it dies with the following error:
- Fatal Error: config.cache exists from another platform!
- Please remove it and re-run configure.
-A) configure caches the results of its tests in a file called
- config.cache to make re-running configure speedy. However,
- if you are building sudo for a different platform the results
- in config.cache will be wrong so you need to remove config.cache.
- You can do this by "rm config.cache" or "make realclean".
- Note that "make realclean" will also remove any object files
- and configure temp files that are laying around as well.
-
-Q) I built sudo on a Solaris 11 (or higher) machine but the resulting
- binary doesn't work older Solaris versions. Why?
-A) Starting with Solaris 11, asprintf(3) is included in the standard
- C library. To build a version of sudo on a Solaris 11 machine that
- will run on an older Solaris release, edit config.h and comment out
- the lines:
- #define HAVE_ASPRINTF 1
- #define HAVE_VASPRINTF 1
- and run make.
-
-Q) When I run "visudo" it says "sudoers file busy, try again later."
- and doesn't do anything.
-A) Someone else is currently editing the sudoers file with visudo.
-
-Q) When I try to use "cd" with sudo it says "cd: command not found".
-A) "cd" is a shell built-in command, you can't run it as a command
- since a child process (sudo) cannot affect the current working
- directory of the parent (your shell).
-
-Q) When I try to use "cd" with sudo the command completes without
- errors but nothing happens.
-A) Even though "cd" is a shell built-in command, some operating systems
- include a /usr/bin/cd command for some reason. A standalone
- "cd" command is totally useless since a child process (cd) cannot
- affect the current working directory of the parent (your shell).
- Thus, "sudo cd /foo" will start a child process, change the
- directory and immediately exit without doing anything useful.
-
-Q) When I run sudo it says I am not allowed to run the command as root
- but I don't want to run it as root, I want to run it as another user.
- My sudoers file entry looks like:
- bob ALL=(oracle) ALL
-A) The default user sudo tries to run things as is always root, even if
- the invoking user can only run commands as a single, specific user.
- This may change in the future but at the present time you have to
- work around this using the 'runas_default' option in sudoers.
- For example:
- Defaults:bob runas_default=oracle
- would achieve the desired result for the preceding sudoers fragment.
-
-Q) When I try to run sudo via ssh, I get the error:
- sudo: a terminal is required to read the password; either use the -S
- option to read from standard input or configure an askpass helper
-A) If sudo needs to authenticate a user, it requires access to the user's
- terminal to disable echo so the password is not displayed to the screen.
- The above message indicates that no terminal was present.
-
- When running a command via ssh, a terminal is not allocated by default
- which can cause this message. The "-t" option to ssh will force it to
- allocate a tty. Alternately, you may be able to use the ssh-askpass
- utility to prompt for the password if X11 forwarding is enabled and an
- askpass helper is configured in the sudo.conf file. If you do not mind
- your password being echoed to the screen, you may use sudo's -S option
- to read the password from the standard input.
Alternately, you may set
- the "visiblepw" sudoers option which will allow the password to be entered
- even when echo cannot be disabled, though this is not recommended.
-
-Q) When I try to use SSL-enabled LDAP with sudo I get an error:
- unable to initialize SSL cert and key db: security library: bad database.
- you must set TLS_CERT in /etc/ldap.conf to use SSL
-A) On systems that use a Mozilla-derived LDAP SDK there must be a
- certificate database in place to use SSL-encrypted LDAP connections.
- This file is usually /var/ldap/cert8.db or /etc/ldap/cert8.db.
- The actual number after "cert" will vary, depending on the version
- of the LDAP SDK that is being used. If you do not have a certificate
- database you can either copy one from a mozilla-derived browser, such
- as firefox, or create one using the "certutil" command. You can run
- "certutil" as follows and press the (or ) key at the
- password prompt:
- # certutil -N -d /var/ldap
- Enter a password which will be used to encrypt your keys.
- The password should be at least 8 characters long,
- and should contain at least one non-alphabetic character.
-
- Enter new password:
- Re-enter password:
-
-Q) On HP-UX, the umask setting in sudoers has no effect.
-A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module
- enabled, you may need to a add line like the following to pam.conf:
- sudo session required libpam_hpsec.so.1 bypass_umask
-
-Q) When I run "sudo -i shell_alias" I get "command not found" even
- though the alias is defined in my shell startup files.
-A) Commands run via "sudo -i" are executed by the shell in
- non-interactive mode. The bash shell will only parse aliases in
- interactive mode unless the "expand_aliases" shell option is
- set. If you add "shopt -s expand_aliases" to your .bash_profile
- (or .profile if using that instead) the aliases should now be
- available to "sudo -i".
-
-Q) When I run sudo on AIX I get the following error:
- setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted.
-A) AIX's Enhanced RBAC is preventing sudo from running. To fix
- this, add the following entry to /etc/security/privcmds (adjust
- the path to sudo as needed) and run the setkst command as root:
-
- /usr/local/bin/sudo:
- accessauths = ALLOW_ALL
- innateprivs = PV_DAC_GID,PV_DAC_R,PV_DAC_UID,PV_DAC_X,PV_FS_CHOWN,PV_PROC_PRIO,PV_NET_PORT,PV_NET_CNTL,PV_SU_UID
- secflags = FSF_EPS
-
-Q) Sudo configures and builds without error but when I run it I get
- a Segmentation fault.
-A) If you are on a Linux system, the first thing to try is to run
- configure with the --disable-pie option, then "make clean" and
- "make". If that fixes the problem then your operating system
- does not properly support position independent executables.
- Please send a message to sudo@sudo.ws with system details such
- as the Linux distro, kernel version and CPU architecture.
-
-Q) When I run configure I get the following error:
- dlopen present but libtool doesn't appear to support your platform.
-A) Libtool doesn't know how to support dynamic linking on the operating
- system you are building for. If you are cross-compiling, you need to
- specify the operating system, not just the CPU type. For example:
- --host powerpc-unknown-linux
- instead of just:
- --host powerpc
-
-Q) How do you pronounce `sudo'?
-A) The official pronunciation is soo-doo (for su "do"). However, an
- alternate pronunciation, a homophone of "pseudo", is also common.
diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md
new file mode 100644
index 000000000..aace4cb6c
--- /dev/null
+++ b/docs/TROUBLESHOOTING.md
@@ -0,0 +1,337 @@
+Troubleshooting tips and FAQ for Sudo
+=====================================
+
+#### When I run configure, it says "C compiler cannot create executables".
+
+> This usually means you either don't have a working compiler. This
+> could be due to the lack of a license or that some component of the
+> compiler suite could not be found. Check config.log for clues as
+> to why this is happening. On many systems, compiler components live
+> in /usr/ccs/bin which may not be in your PATH environment variable.
+
+#### When I run configure, it says "sudo requires the 'ar' utility to build".
+
+> As part of the build process, sudo creates a temporary library
+> containing objects that are shared amongst the different sudo
+> executables. On Unix systems, the 'ar' utility is used to do this.
+> This error indicates that 'ar' is missing on your system. On Solaris
+> systems, you may need to install the SUNWbtool package. On other
+> systems 'ar' may be included in the GNU binutils package.
+
+#### Sudo compiles and installs successfully but when I try to run it I get:
+
+ /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set
+
+> Sudo must be setuid root to do its work. Either /usr/local/bin/sudo
+> is not owned by uid 0 or the setuid bit is not set. This should have
+> been done for you by `make install` but you can fix it manually by
+> running the following as root:
+
+ chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo
+
+#### Sudo compiles and installs OK but when I try to run it I get:
+
+ effective uid is not 0, is /usr/local/bin/sudo on a file system with the
+ 'nosuid' option set or an NFS file system without root privileges?
+
+> The owner and permissions on the sudo binary appear to be OK but when
+> sudo ran, the setuid bit did not have an effect. There are two common
+> causes for this.
The first is that the file system the sudo binary
+> is located on is mounted with the 'nosuid' mount option, which disables
+> setuid binaries. The output of the 'mount' command should tell you if
+> the file system is mounted with the 'nosuid' option. The other possible
+> cause is that sudo is installed on an NFS-mounted file system that is
+> exported without root privileges. By default, NFS file systems are
+> exported with uid 0 mapped to a non-privileged uid (usually -2). You
+> should be able to determine whether sudo is located on an NFS-mounted
+> filesystem by running "df \`which sudo\`".
+
+#### Sudo never gives me a chance to enter a password using PAM
+
+It just says "Sorry, try again." three times and exits.
+
+> You didn't setup PAM to work with sudo. On RedHat or Fedora Linux
+> this generally means installing the sample pam.conf file as
+> /etc/pam.d/sudo. See the example pam.conf file for hints on what
+> to use for other Linux systems.
+
+#### Sudo says my account has expired but I know it has not
+
+> If you get the following error from sudo:
+
+ Account expired or PAM config lacks an 'account' section for sudo,
+ contact your system administrator`
+
+> when the account has not expired, your PAM config probably lacks
+> an 'account' specification. On Linux this usually means you are
+> missing a line in /etc/pam.d/sudo similar to:
+
+ account required pam_unix.so
+
+#### Sudo is configured use syslog but nothing gets logged
+
+> Make sure you have an entry in your syslog.conf file to save
+> the sudo messages (see the example syslog.conf file). The default
+> log facility is authpriv (changeable via configure or in sudoers).
+> Don't forget to send a SIGHUP to your syslogd so that it re-reads
+> its conf file. Also, remember that syslogd does *not* create
+> log files, you need to create the file before syslogd will log
+> to it (ie: touch /var/log/sudo).
+
+> Note: the facility (e.g.
'auth.debug') must be separated from
+> the destination (e.g. '/var/log/auth' or '@loghost') by tabs,
+> *not* spaces. This is a common error.
+
+#### Sudo won't accept my password, even when entered correctly
+
+> If you are not using pam and your system uses shadow passwords,
+> it is possible that sudo didn't properly detect that shadow
+> passwords are in use. Take a look at the generated config.h
+> file and verify that the C function used for shadow password
+> look ups was detected. For instance, for SVR4-style shadow
+> passwords, `HAVE_GETSPNAM` should be defined (you can search for
+> the string 'shadow passwords' in config.h with your editor).
+> Note that there is no define for 4.4BSD-based shadow passwords
+> since that just uses the standard getpw* routines.
+
+#### Can sudo use the ssh agent instead of asking for the user's password?
+
+> Not directly, but you can use a PAM module like pam_ssh_agent_auth
+> or pam_ssh for this purpose.
+
+#### I want to place the sudoers file in a directory other than /etc
+
+> Use the `--sysconfdir` option to configure. For example:
+
+ configure --sysconfdir=/dir/you/want/sudoers/in
+
+> Alternately, you can set the path in the sudo.conf file as an
+> argument to the sudoers.so plugin. For example:
+
+ Plugin sudoers_policy sudoers.so sudoers_file=/path/to/sudoers
+
+#### Can I put the sudoers file in NIS/NIS+?
+
+> There is no support for making an NIS/NIS+ map/table out of the sudoers
+> file at this time. You can distribute the sudoers file via rsync or rdist.
+> It is also possible to NFS-mount the sudoers file. If you use LDAP at your
+> site you may be interested in sudo's LDAP sudoers support, see
+> [README.LDAP.md](../README.LDAP.md) and the sudoers.ldap manual.
+
+#### I don't run sendmail, does this mean that I cannot use sudo?
+
+> No, you just need to disable mailing with a line like:
+
+ Defaults !mailerpath
+
+> in your sudoers file or run configure with the `--without-sendmail`
+> option.
+
+#### How can I make visudo use a different editor?
+
+> You can specify the editor to use in visudo in the sudoers file.
+> See the 'editor' and 'env_editor' entries in the sudoers manual.
+> The defaults can also be set at configure time using the
+> `--with-editor` and `--with-env-editor` configure options.
+
+#### Why does sudo modify the command's environment?
+
+> By default, sudo runs commands with a new, minimal environment.
+> The 'env_keep' setting in sudoers can be used to control which
+> environment variables are preserved from the invoking user's
+> environment via the 'env_keep' setting in sudoers.
+>
+> While it is possible to disable the 'env_reset' setting, which
+> will preserve all environment variables that don't match a black
+> list, doing so is strongly discouraged. See the "Command
+> environment" section of the sudoers manual for more information.
+
+#### Why does sudo reset the HOME environment variable?
+
+> Many programs use the HOME environment variable to locate
+> configuration and data files. Often, these configuration files
+> are treated as trusted input that affects how the program operates.
+> By controlling the configuration files, a user may be able to
+> cause the program to execute other commands without sudo's
+> restrictions or logging.
+>
+> Some programs perform extra checks when the real and effective
+> user-IDs differ, but because sudo runs commands with all user-IDs
+> set to the target user, these checks are insufficient.
+>
+> While it is possible to preserve the value of the HOME environment
+> variable by adding it to the 'env_keep' list in the sudoers file,
+> doing so is strongly discouraged. Users wishing to edit files
+> with sudo should run sudoedit (or sudo -e) to get their accustomed
+> editor configuration instead of invoking the editor directly.
+
+#### How can I prevent sudo from asking for a password?
+
+> To specify this on a per-user (and per-command) basis, use the
+> 'NOPASSWD' tag right before the command list in sudoers. See
+> the sudoers man page and examples/sudoers for details. To disable
+> passwords completely, add '!authenticate' to the Defaults line
+> in /etc/sudoers. You can also turn off authentication on a
+> per-user or per-host basis using a user or host-specific Defaults
+> entry in sudoers. To hard-code the global default, you can
+> configure with the `--without-passwd` option.
+
+#### The configure scripts says `no acceptable cc found in $PATH`
+
+> /usr/ucb/cc was the only C compiler that configure could find.
+> You need to tell configure the path to the 'real' C compiler
+> via the `--with-CC option`. On Solaris, the path is probably
+> something like /opt/SUNWspro/SC4.0/bin/cc. If you have gcc
+> that will also work.
+
+#### The configure scripts says "config.cache exists from another platform!"
+
+> configure caches the results of its tests in a file called
+> config.cache to make re-running configure speedy. However,
+> if you are building sudo for a different platform the results
+> in config.cache will be wrong so you need to remove the config.cache file.
+> You can do this via `rm config.cache` or `make realclean`.
+> Note that `make realclean` will also remove any object files
+> and configure temp files that are laying around as well.
+
+#### Why don't sudo binaries built on Solaris 11 run on Solaris 10?
+
+> Starting with Solaris 11, asprintf(3) is included in the standard
+> C library. To build a version of sudo on a Solaris 11 machine that
+> will run on an older Solaris release, edit config.h and comment out
+> the lines:
+
+ #define HAVE_ASPRINTF 1
+ #define HAVE_VASPRINTF 1
+
+> and run make.
+
+#### When I run 'visudo' it says "sudoers file busy, try again later."
+
+> Someone else is currently editing the sudoers file with visudo.
+
+#### When I try to use 'cd' with sudo it says "cd: command not found"
+
+> 'cd' is a shell built-in command, you can't run it as a command
+> since a child process (sudo) cannot affect the current working
+> directory of the parent (your shell).
+
+#### When I try to use 'cd' with sudo nothing happens.
+
+> Even though 'cd' is a shell built-in command, some operating systems
+> include a /usr/bin/cd command for completeness. A standalone
+> "cd' command is totally useless since a child process (cd) cannot
+> affect the current working directory of the parent (your shell).
+> Thus, `sudo cd /foo` will start a child process, change the
+> directory and immediately exit without doing anything useful.
+
+#### How can I run a command via sudo as a user other than root?
+
+> The default user sudo tries to run things as is always root, even if
+> the invoking user can only run commands as a single, specific user.
+> This may change in the future but at the present time you have to
+> work around this using the 'runas_default' option in sudoers.
+> For example, given the following sudoers rule:
+
+ bob ALL=(oracle) ALL
+
+> You can cause sudo to run all commands as 'oracle' for user 'bob'
+> with a sudoers entry like:
+
+ Defaults:bob runas_default=oracle
+
+#### When I try to run sudo via ssh, I get an error:
+
+ sudo: a terminal is required to read the password; either use the -S
+ option to read from standard input or configure an askpass helper
+
+> If sudo needs to authenticate a user, it requires access to the user's
+> terminal to disable echo so the password is not displayed to the screen.
+> The above message indicates that no terminal was present.
+
+> When running a command via ssh, a terminal is not allocated by default
+> which can cause this message. The '-t' option to ssh will force it to
+> allocate a tty.
Alternately, you may be able to use the ssh-askpass
+> utility to prompt for the password if X11 forwarding is enabled and an
+> askpass helper is configured in the sudo.conf file. If you do not mind
+> your password being echoed to the screen, you may use sudo's -S option
+> to read the password from the standard input. Alternately, you may set
+> the 'visiblepw' sudoers option which will allow the password to be entered
+> even when echo cannot be disabled, though this is not recommended.
+
+#### When I try to use SSL-enabled LDAP with sudo I get an error:
+
+ unable to initialize SSL cert and key db: security library: bad database.
+ you must set TLS_CERT in /etc/ldap.conf to use SSL
+
+> On systems that use a Mozilla-derived LDAP SDK there must be a
+> certificate database in place to use SSL-encrypted LDAP connections.
+> This file is usually /var/ldap/cert8.db or /etc/ldap/cert8.db.
+> The actual number after 'cert' will vary, depending on the version
+> of the LDAP SDK that is being used. If you do not have a certificate
+> database you can either copy one from a mozilla-derived browser, such
+> as firefox, or create one using the `certutil` command. You can run
+> `certutil` as follows and press the (or ) key at the
+> password prompt:
+
+ # certutil -N -d /var/ldap
+
+> Enter a password which will be used to encrypt your keys.
+> The password should be at least 8 characters long,
+> and should contain at least one non-alphabetic character.
+
+ Enter new password:
+ Re-enter password:
+
+#### On HP-UX, the umask setting in sudoers has no effect.
+
+> If your /etc/pam.conf file has the libpam_hpsec.so.1 session module
+> enabled, you may need to a add line like the following to pam.conf:
+> sudo session required libpam_hpsec.so.1 bypass_umask
+
+#### When I run `sudo -i shell_alias` I get "command not found"
+
+> Commands run via `sudo -i` are executed by the shell in
+> non-interactive mode.
The bash shell will only parse aliases in
+> interactive mode unless the 'expand_aliases' shell option is
+> set. If you add `shopt -s expand_aliases` to your .bash_profile
+> (or .profile if using that instead) the aliases should now be
+> available to `sudo -i`.
+
+#### When I run sudo on AIX I get the following error:
+
+ setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted.
+
+> AIX's Enhanced RBAC is preventing sudo from running. To fix
+> this, add the following entry to /etc/security/privcmds (adjust
+> the path to sudo as needed) and run the setkst command as root:
+
+ /usr/local/bin/sudo:
+ accessauths = ALLOW_ALL
+ innateprivs = PV_DAC_GID,PV_DAC_R,PV_DAC_UID,PV_DAC_X,PV_FS_CHOWN,PV_PROC_PRIO,PV_NET_PORT,PV_NET_CNTL,PV_SU_UID
+ secflags = FSF_EPS
+
+#### Sudo builds without error but when I run it I get a Segmentation fault.
+
+> If you are on a Linux system, the first thing to try is to run
+> configure with the `--disable-pie` option, then `make clean` and
+> `make`. If that fixes the problem then your operating system
+> does not properly support position independent executables.
+> Please send a message to sudo@sudo.ws with system details such
+> as the Linux distro, kernel version and CPU architecture.
+
+#### When I run configure I get the following error:
+
+ dlopen present but libtool doesn't appear to support your platform.
+
+> Libtool doesn't know how to support dynamic linking on the operating
+> system you are building for. If you are cross-compiling, you need to
+> specify the operating system, not just the CPU type. For example,
+> `--host powerpc-unknown-linux`
+> instead of just:
+> `--host powerpc`
+
+#### How do you pronounce 'sudo'?
+
+> The official pronunciation is soo-doo (for su 'do'). However, an
+> alternate pronunciation, a homophone of 'pseudo', is also common.
diff --git a/docs/UPGRADE b/docs/UPGRADE
deleted file mode 100644
index c893e0f4e..000000000
--- a/docs/UPGRADE
+++ /dev/null
@@ -1,560 +0,0 @@
-Notes on upgrading from an older release
-========================================
-
-o Upgrading from a version prior to 1.9.9:
-
- On systems where SELinux is enabled and sudo is built with
- SELinux support, if the user's role is not "unconfined_r" sudo
- will always execute commands via the "sesh" helper program.
- Previously, commands were only executed via "sesh" if a role
- was specified in the sudoers file rule or by the user on the
- command line.
-
- Sudo now runs commands with the core limit resource limit set
- to 0 by default. While most operating systems restrict core
- dumps of set-user-ID programs like sudo, this protection is
- lost when sudo executes a command. By disabling core dumps by
- default, it is possible to avoid potential security problems
- such as those seen with the Linux logrotate utility, which could
- interpret a core dump as a valid configuration file.
-
-o Upgrading from a version prior to 1.9.7:
-
- Sudo now links with OpenSSL 1.0.1 or higher by default if it
- is present on the system unless it is explicitly disabled (via
- --disable-openssl), or unless the sudo log client and server
- code is disabled (via --disable-log-client and --disable-log-server).
- As a result, the sudo log server (and the client built into the
- sudoers plugin) now support TLS connections by default.
-
-o Upgrading from a version prior to 1.9.3:
-
- Due to the addition of the CHROOT and CWD options, it is no
- longer possible to declare an alias with one of those names.
- If a sudoers file has an alias with one of those names, sudo
- and visudo will report a syntax error with a message like
- "syntax error: unexpected CHROOT, expecting ALIAS".
-
- Starting with version 1.9.3, sudoers rules must end in either
- a newline or the end-of-file. This makes it possible to provide
- better error messages. Previously, it was possible to include
- multiple rules on a single line, separated by white space.
-
- Starting with version 1.9.3, sudo will attempt to recover from
- a syntax error in the sudoers file by discarding the portion
- of the line that contains the error until the end of the line.
- To restore the historic behavior of refusing to run when a
- syntax error is encountered, add "error_recovery=false" as a
- plugin option in sudo.conf for the "sudoers_audit" plugin, (or
- "sudoers_policy" if there is no "sudoers_audit" plugin configured).
-
-o Upgrading from a version prior to 1.9.1:
-
- Starting with version 1.9.1, sudoers plugin arguments in sudo.conf
- should be specified for the "sudoers_audit" plugin, not
- "sudoers_policy". This is because the sudoers file is now
- opened and parsed by the "sudoers_audit" plugin. Previously,
- this was done by the "sudoers_policy" plugin. The use of an
- audit plugin makes it possible for the sudoers module to detect
- when a command has been rejected by an approval plugin and only
- log commands that are allowed by both policy and approval
- plugins.
-
-o Upgrading from a version prior to 1.8.30:
-
- Starting with version 1.8.30, sudo will no longer allow commands
- to be run as a user or group ID that is not in the password or
- group databases by default. Previously, sudo would always allow
- unknown user or group IDs if the sudoers entry permitted it,
- including via the "ALL" alias. The old behavior can be restored
- by setting the new "allow_unknown_runas_id" Defaults setting
- in the sudoers file.
-
-o Upgrading from a version prior to 1.8.29:
-
- Starting with version 1.8.29, if the umask is explicitly set
- in sudoers, that value is used regardless of the umask specified
- by PAM or login.conf. However, if the umask is not explicitly
- set in sudoers, PAM or login.conf may now override the default
- sudoers umask. Previously, the sudoers umask always overrode
- the umask set by PAM, which was not the documented behavior.
-
-o Upgrading from a version prior to 1.8.28:
-
- Starting with version 1.8.28, sudo stores the signal that caused
- a command to be suspended or resumed as a string in the I/O log
- timing file. The version of sudoreplay included with sudo
- 1.8.28 can process either type of I/O log file but older versions
- of sudoreplay are unable to replay the newer logs.
-
- Starting with version 1.8.28, sudoedit honors the umask and
- umask_override settings in sudoers. Previously, the user's
- umask was used as-is.
-
-o Upgrading from a version prior to 1.8.26:
-
- Starting with version 1.8.26, sudo no long sets the USERNAME
- environment variable when running commands. This is a non-standard
- environment variable that was set on some older Linux systems.
- Sudo still sets the LOGNAME, USER and, on AIX systems, LOGIN
- environment variables.
-
- Handling of the LOGNAME, USER (and on AIX, LOGIN) environment
- variables has changed slightly in version 1.8.26. Sudo now
- treats those variables as a single unit. This means that if
- one variable is preserved or removed from the environment using
- env_keep, env_check or env_delete, the others are too.
-
-o Upgrading from a version prior to 1.8.23:
-
- In sudo 1.8.23 the "sudoers2ldif" script and the "visudo -x"
- functionality has been superseded by the "cvtsudoers" utility.
- The cvtsudoers utility is intended to be a drop-in replacement
- for "sudoers2ldif". Because it uses the same parser as sudo
- and visudo, cvtsudoers can perform a more accurate conversion
- than sudoers2ldif could.
-
- To convert a sudoers file to JSON, the format option must be
- specified. For example, instead of:
-
- visudo -f sudoers_file -x output_file
-
- one would use:
-
- cvtsudoers -f json -o output_file sudoers_file
-
- Note that unlike "visudo -x", "cvtsudoers" reads from the
- standard input by default. Also, the base DN may be specified
- on the command line, if desired, using the -b option.
-
-o Upgrading from a version prior to 1.8.20:
-
- Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER
- options, it is no longer possible to declare an alias with one
- of those names. If a sudoers file has an alias with one of
- those names, sudo and visudo will report a syntax error with a
- message like "syntax error: unexpected TIMEOUT, expecting ALIAS".
-
- Starting with version 1.9.3, sudoers rules must end in either
- Prior to version 1.8.20, when log_input, log_output or use_pty
- were enabled, if any of the standard input, output or error
- were not connected to a terminal, sudo would use a pipe. The
- pipe allows sudo to interpose itself between the old standard
- input, output or error and log the contents. Beginning with
- version 1.8.20, a pipe is only used when I/O logging is enabled.
- If use_pty is set without log_input or log_output, no pipe will
- be used. Additionally, if log_input is set without log_output,
- a pipe is only used for the standard input. Likewise, if
- log_output is set without log_input, a pipe is only used for
- the standard output and standard error. This results in a
- noticeable change in behavior if the use_pty flag is set and no
- terminal is present when running commands such as scripts that
- execute other commands asynchronously (in the background).
- Previously, sudo would exit immediately, causing background
- commands to terminate with a broken pipe if they attempt to
- write to the standard output or standard error. As of version
- 1.8.20, a pipe will not be used in this case so the command
- will no longer be terminated.
-
-o Upgrading from a version prior to 1.8.16:
-
- When editing files with sudoedit, files in a directory that is
- writable by the invoking user may no longer be edited by default.
- Also, sudoedit will refuse to follow a symbolic link in the
- path to be edited if that directory containing the link is
- writable by the user.
This behavior can be disabled by negating
- the sudoedit_checkdir sudoers option, which is now enabled by
- default.
-
-o Upgrading from a version prior to 1.8.15:
-
- Prior to version 1.8.15, when env_reset was enabled (the default)
- and the -s option was not used, the SHELL environment variable
- was set to the shell of the invoking user. In 1.8.15 and above,
- when env_reset is enabled and the -s option is not used, SHELL
- is set based on the target user.
-
- When editing files with sudoedit, symbolic links will no longer
- be followed by default. The old behavior can be restored by
- enabling the sudoedit_follow option in sudoers or on a per-command
- basis with the FOLLOW and NOFOLLOW tags.
-
- Prior to version 1.8.15, groups listed in sudoers that were not
- found in the system group database were passed to the group
- plugin, if any. Starting with 1.8.15, only groups of the form
- %:group are resolved via the group plugin by default. The old
- behavior can be restored by using the always_query_group_plugin
- sudoers option.
-
- Locking of the time stamp file has changed in sudo 1.8.15.
- Previously, the user's entire time stamp file was locked while
- retrieving and updating a time stamp record. Now, only a single
- record, specific to the tty or parent process ID, is locked.
- This lock is held while the user enters their password. If
- sudo is suspended at the password prompt (or run in the
- background), the lock is dropped until sudo is resumed, at which
- point it will be reacquired. This allows sudo to be used in a
- pipeline even when a password is required--only one instance
- of sudo will prompt for a password.
-
-o Upgrading from a version prior to 1.8.14:
-
- On HP-UX, sudo will no longer check for "plugin.sl" if "plugin.so"
- is specified but does not exist. This was a temporary hack for
- backward compatibility with Sudo 1.8.6 and below when the
- plugin path name was not listed in sudo.conf.
A plugin path
- name that explicitly ends in ".sl" will still work as expected.
-
-o Upgrading from a version prior to 1.8.12:
-
- On Solaris, sudo is now able to determine the NIS domain name.
- As a result, if you had previously been using netgroups that
- do not include the domain, you will need to either set the
- domain in the entry or leave the domain part of the tuple blank.
-
- For example, the following will no longer work:
- my-hosts (foo,-,-) (bar,-,-) (baz,-,-)
- and should be changed to:
- my-hosts (foo,-,) (bar,-,) (baz,-,)
-
-o Upgrading from a version prior to 1.8.10:
-
- The time stamp file format has changed in sudo 1.8.10. There
- is now a single time stamp file for each user, even when tty-based
- time stamps are used. Each time stamp file may contain multiple
- records to support tty-based time stamps as well as multiple
- authentication users. On systems that support it, monotonic
- time is stored instead of wall clock time. As a result, it is
- important that the time stamp files not persist when the system
- reboots. For this reason, the default location for the time
- stamp files has changed back to a directory located in /var/run.
- Systems that do not have /var/run (e.g. AIX) or that do not clear
- it on boot (e.g. HP-UX) will need to clear the time stamp
- directory via a start up script. Such a script is installed by
- default on AIX and HP-UX systems.
-
- Because there is now a single time stamp file per user, the -K
- option will remove all of the user's time stamps, not just the
- time stamp for the current terminal.
-
- Lecture status is now stored separately from the time stamps
- in a separate directory: /var/db/sudo/lectured, /var/lib/sudo/lectured
- or /var/adm/sudo/lectured depending on what is present on the
- system.
-
- LDAP-based sudoers now uses a default search filter of
- (objectClass=sudoRole) for more efficient queries.
It is
- possible to disable the default search filter by specifying
- SUDOERS_SEARCH_FILTER in ldap.conf but omitting a value.
-
-o Upgrading from a version prior to 1.8.7:
-
- Sudo now stores its libexec files in a "sudo" sub-directory
- instead of in libexec itself. For backward compatibility, if
- the plugin is not found in the default plugin directory, sudo
- will check the parent directory default directory ends in "/sudo".
-
- The default sudo plugins now all use the .so extension, regardless
- of the extension used by system shared libraries. For backward
- compatibility, sudo on HP-UX will also search for a plugin with
- an .sl extension if the .so version is not found.
-
- Handling of users belonging to a large number of groups has
- changed. Previously, sudo would only use the group list from
- the kernel unless the system_group plugin was enabled in sudoers.
- Now, sudo will query the groups database if the user belongs
- to the maximum number of groups supported by the kernel. See
- the group_source and max_groups settings in the sudo.conf manual
- for details.
-
-o Upgrading from a version prior to 1.8.2:
-
- When matching Unix groups in the sudoers file, sudo will now
- match based on the name of the group as it appears in sudoers
- instead of the group-ID. This can substantially reduce the
- number of group lookups for sudoers files that contain a large
- number of groups. There are a few side effects of this change.
-
- 1) Unix groups with different names but the same group-ID are
- can no longer be used interchangeably. Sudo will look up all
- of a user's groups by group-ID and use the resulting group
- names when matching sudoers entries. If there are multiple
- groups with the same ID, the group name returned by the
- system getgrgid() library function is the name that will be
- used when matching sudoers entries.
-
- 2) Unix group names specified in the sudoers file that are
- longer than the system maximum will no longer match.
For
- instance, if there is a Unix group "fireflie" on a system
- where group names are limited to eight characters, "%fireflies"
- in sudoers will no longer match "fireflie". Previously, a
- lookup by name of the group "fireflies" would have matched
- the "fireflie" group on most systems.
-
- The legacy group matching behavior may be restored by enabling
- the match_group_by_gid Defaults option in sudoers available
- in sudo 1.8.18 and higher.
-
-o Upgrading from a version prior to 1.8.1:
-
- Changes in the sudoers parser could result in parse errors for
- existing sudoers file. These changes cause certain erroneous
- entries to be flagged as errors where before they allowed.
- Changes include:
-
- Combining multiple Defaults entries with a backslash. E.g.
-
- Defaults set_path \
- Defaults syslog
-
- which should be:
-
- Defaults set_path
- Defaults syslog
-
- Also, double-quoted strings with a missing end-quote are now
- detected and result in an error. Previously, text starting a
- double quote and ending with a newline was ignored. E.g.
-
- Defaults set_path"foo
-
- In previous versions of sudo, the `"foo' portion would have
- been ignored.
-
- To avoid problems, sudo 1.8.1's "make install" will not install
- a new sudo binary if the existing sudoers file has errors.
-
- In Sudo 1.8.1 the "noexec" functionality has moved out of the
- sudoers policy plugin and into the sudo front-end. As a result,
- the path to the noexec file is now specified in the sudo.conf
- file instead of the sudoers file. If you have a sudoers file
- that uses the "noexec_file" option, you will need to move the
- definition to the sudo.conf file instead.
-
- Old style in /etc/sudoers:
- Defaults noexec_file=/usr/local/libexec/sudo_noexec.so
-
- New style in /etc/sudo.conf:
- Path noexec /usr/local/libexec/sudo_noexec.so
-
-o Upgrading from a version prior to 1.8.0:
-
- Starting with version 1.8.0, sudo uses a modular framework to
- support policy and I/O logging plugins.
The default policy
- plugin is "sudoers" which provides the traditional sudoers
- evaluation and I/O logging. Plugins are typically located in
- /usr/libexec or /usr/local/libexec, though this is system-dependent.
- The sudoers plugin is named "sudoers.so" on most systems.
-
- The sudo.conf file, usually stored in /etc, is used to configure
- plugins. This file is optional--if no plugins are specified
- in sudo.conf, the "sudoers" plugin is used. See the example
- sudo.conf file in the docs directory or refer to the updated
- sudo manual to see how to configure sudo.conf.
-
- The "askpass" setting has moved from the sudoers file to the
- sudo.conf file. If you have a sudoers file that uses the
- "askpass" option, you will need to move the definition to the
- sudo.conf file.
-
- Old style in /etc/sudoers:
- Defaults askpass=/usr/X11R6/bin/ssh-askpass
-
- New style in /etc/sudo.conf:
- Path askpass /usr/X11R6/bin/ssh-askpass
-
-o Upgrading from a version prior to 1.7.5:
-
- Sudo 1.7.5 includes an updated LDAP schema with support for
- the sudoNotBefore, sudoNotAfter and sudoOrder attributes.
-
- The sudoNotBefore and sudoNotAfter attribute support is only
- used when the SUDOERS_TIMED setting is enabled in ldap.conf.
- If enabled, those attributes are used directly when constructing
- an LDAP filter. As a result, your LDAP server must have the
- updated schema if you want to use sudoNotBefore and sudoNotAfter.
-
- The sudoOrder support does not affect the LDAP filter sudo
- constructs and so there is no need to explicitly enable it in
- ldap.conf. If the sudoOrder attribute is not present in an
- entry, a value of 0 is used. If no entries contain sudoOrder
- attributes, the results are in whatever order the LDAP server
- returns them, as in past versions of sudo.
-
- Older versions of sudo will simply ignore the new attributes
- if they are present in an entry. There are no compatibility
- problems using the updated schema with older versions of sudo.
- -o Upgrading from a version prior to 1.7.4: - - Starting with sudo 1.7.4, the time stamp files have moved from - /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. - The directories are checked for existence in that order. This - prevents users from receiving the sudo lecture every time the - system reboots. Time stamp files older than the boot time are - ignored on systems where it is possible to determine this. - - Additionally, the tty_tickets sudoers option is now enabled by - default. To restore the old behavior (single time stamp per user), - add a line like: - Defaults !tty_tickets - to sudoers or use the --without-tty-tickets configure option. - - The HOME and MAIL environment variables are now reset based on the - target user's password database entry when the env_reset sudoers option - is enabled (which is the case in the default configuration). Users - wishing to preserve the original values should use a sudoers entry like: - Defaults env_keep += HOME - to preserve the old value of HOME and - Defaults env_keep += MAIL - to preserve the old value of MAIL. - - NOTE: preserving HOME has security implications since many programs - use it when searching for configuration files. Adding HOME to env_keep - may enable a user to run unrestricted commands via sudo. - - The default syslog facility has changed from "local2" to "authpriv" - (or "auth" if the operating system doesn't have "authpriv"). - The --with-logfac configure option can be used to change this - or it can be changed in the sudoers file. - -o Upgrading from a version prior to 1.7.0: - - Starting with sudo 1.7.0, comments in the sudoers file must not - have a digit or minus sign immediately after the comment character - ('#'). Otherwise, the comment may be interpreted as a user or - group-ID. - - When sudo is build with LDAP support the /etc/nsswitch.conf file is - now used to determine the sudoers sea ch order. 
sudo will default to - only using /etc/sudoers unless /etc/nsswitch.conf says otherwise. - This can be changed with an nsswitch.conf line, e.g.: - sudoers: ldap files - Would case LDAP to be searched first, then the sudoers file. - To restore the pre-1.7.0 behavior, run configure with the - --with-nsswitch=no flag. - - Sudo now ignores user .ldaprc files as well as system LDAP defaults. - All LDAP configuration is now in /etc/ldap.conf (or whichever file - was specified by configure's --with-ldap-conf-file option). - If you are using TLS, you may now need to specify: - tls_checkpeer no - in sudo's ldap.conf unless ldap.conf references a valid certificate - authority file(s). - - Please also see the NEWS file for a list of new features in - sudo 1.7.0. - -o Upgrading from a version prior to 1.6.9: - - Starting with sudo 1.6.9, if an OS supports a modular authentication - method such as PAM, it will be used by default by configure. - - Environment variable handling has changed significantly in sudo - 1.6.9. Prior to version 1.6.9, sudo would preserve the user's - environment, pruning out potentially dangerous variables. - Beginning with sudo 1.6.9, the environment is reset to a default - set of values with only a small number of "safe" variables - preserved. To preserve specific environment variables, add - them to the "env_keep" list in sudoers. E.g. - - Defaults env_keep += "EDITOR" - - The old behavior can be restored by negating the "env_reset" - option in sudoers. E.g. - - Defaults !env_reset - - There have also been changes to how the "env_keep" and - "env_check" options behave. - - Prior to sudo 1.6.9, the TERM and PATH environment variables - would always be preserved even if the env_keep option was - redefined. That is no longer the case. Consequently, if - env_keep is set with "=" and not simply appended to (i.e. using - "+="), PATH and TERM must be explicitly included in the list - of environment variables to keep. 
The LOGNAME, SHELL, USER, - and USERNAME environment variables are still always set. - - Additionally, the env_check setting previously had no effect - when env_reset was set (which is now on by default). Starting - with sudo 1.6.9, environment variables listed in env_check are - also preserved in the env_reset case, provided that they do not - contain a '/' or '%' character. Note that it is not necessary - to also list a variable in env_keep--having it in env_check is - sufficient. - - The default lists of variables to be preserved and/or checked - are displayed when sudo is run by root with the -V flag. - -o Upgrading from a version prior to 1.6.8: - - Prior to sudo 1.6.8, if /var/run did not exist, sudo would put - the time stamp files in /tmp/.odus. As of sudo 1.6.8, the - time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo - if there is no /var/run directory. This directory will be - created if it does not already exist. - - Previously, a sudoers entry that explicitly prohibited running - a command as a certain user did not override a previous entry - allowing the same command. This has been fixed in sudo 1.6.8 - such that the last match is now used (as it is documented). - Hopefully no one was depending on the previous (buggy) behavior. - -o Upgrading from a version prior to 1.6: - - As of sudo 1.6, parsing of runas entries and the NOPASSWD tag - has changed. Prior to 1.6, a runas specifier applied only to - a single command directly following it. Likewise, the NOPASSWD - tag only allowed the command directly following it to be run - without a password. Starting with sudo 1.6, both the runas - specifier and the NOPASSWD tag are "sticky" for an entire - command list. So, given the following line in sudo < 1.6 - - millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls - - millert would be able to run /usr/bin/whoami as user daemon - without a password and /bin/ls as root with a password. 
- - As of sudo 1.6, the same line now means that millert is able - to run run both /usr/bin/whoami and /bin/ls as user daemon - without a password. To expand on this, take the following - example: - - millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \ - /sbin/dump - - millert can run /usr/bin/whoami as daemon and /bin/ls and - /sbin/dump as root. No password need be given for either - command. In other words, the "(root)" sets the default runas - user to root for the rest of the list. If we wanted to require - a password for /bin/ls and /sbin/dump the line could be written - as: - - millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \ - (root) PASSWD:/bin/ls, /sbin/dump - - Additionally, sudo now uses a per-user time stamp directory - instead of a time stamp file. This allows tty time stamps to - simply be files within the user's time stamp dir. For the - default, non-tty case, the time stamp on the directory itself - is used. - - Also, the temporary file used by visudo is now /etc/sudoers.tmp - since some versions of vipw on systems with shadow passwords use - /etc/stmp for the temporary shadow file. - -o Upgrading from a version prior to 1.5: - - By default, sudo expects the sudoers file to be mode 0440 and - to be owned by user and group 0. This differs from version 1.4 - and below which expected the sudoers file to be mode 0400 and - to be owned by root. Doing a `make install' will set the sudoers - file to the new mode and group. If sudo encounters a sudoers - file with the old permissions it will attempt to update it to - the new scheme. You cannot, however, use a sudoers file with - the new permissions with an old sudo binary. It is suggested - that if have a means of distributing sudo you distribute the - new binaries first, then the new sudoers file (or you can leave - sudoers as is and sudo will fix the permissions itself as long - as sudoers is on a local file system). 
diff --git a/docs/UPGRADE.md b/docs/UPGRADE.md
new file mode 100644
index 000000000..d04ca7c42
--- /dev/null
+++ b/docs/UPGRADE.md
@@ -0,0 +1,577 @@ +Notes on upgrading from an older release +======================================== + + * Upgrading from a version prior to 1.9.9: + + On systems where SELinux is enabled and sudo is built with + SELinux support, if the user's role is not "unconfined_r" sudo + will always execute commands via the "sesh" helper program. + Previously, commands were only executed via "sesh" if a role + was specified in the sudoers file rule or by the user on the + command line. + + Sudo now runs commands with the core limit resource limit set + to 0 by default. While most operating systems restrict core + dumps of set-user-ID programs like sudo, this protection is + lost when sudo executes a command. By disabling core dumps by + default, it is possible to avoid potential security problems + such as those seen with the Linux logrotate utility, which could + interpret a core dump as a valid configuration file. + + * Upgrading from a version prior to 1.9.7: + + Sudo now links with OpenSSL 1.0.1 or higher by default if it + is present on the system unless it is explicitly disabled (via + `--disable-openssl`), or unless the sudo log client and server + code is disabled (via `--disable-log-client` and `--disable-log-server`). + As a result, the sudo log server (and the client built into the + sudoers plugin) now support TLS connections by default. + + * Upgrading from a version prior to 1.9.3: + + Due to the addition of the CHROOT and CWD options, it is no + longer possible to declare an alias with one of those names. + If a sudoers file has an alias with one of those names, sudo + and visudo will report a syntax error with a message like + "syntax error: unexpected CHROOT, expecting ALIAS". + + Starting with version 1.9.3, sudoers rules must end in either + a newline or the end-of-file. This makes it possible to provide + better error messages. Previously, it was possible to include + multiple rules on a single line, separated by white space. 
+ + Starting with version 1.9.3, sudo will attempt to recover from + a syntax error in the sudoers file by discarding the portion + of the line that contains the error until the end of the line. + To restore the historic behavior of refusing to run when a + syntax error is encountered, add "error_recovery=false" as a + plugin option in sudo.conf for the "sudoers_audit" plugin, (or + "sudoers_policy" if there is no "sudoers_audit" plugin configured). + + * Upgrading from a version prior to 1.9.1: + + Starting with version 1.9.1, sudoers plugin arguments in sudo.conf + should be specified for the "sudoers_audit" plugin, not + "sudoers_policy". This is because the sudoers file is now + opened and parsed by the "sudoers_audit" plugin. Previously, + this was done by the "sudoers_policy" plugin. The use of an + audit plugin makes it possible for the sudoers module to detect + when a command has been rejected by an approval plugin and only + log commands that are allowed by both policy and approval + plugins. + + * Upgrading from a version prior to 1.8.30: + + Starting with version 1.8.30, sudo will no longer allow commands + to be run as a user or group ID that is not in the password or + group databases by default. Previously, sudo would always allow + unknown user or group IDs if the sudoers entry permitted it, + including via the "ALL" alias. The old behavior can be restored + by setting the new "allow_unknown_runas_id" Defaults setting + in the sudoers file. + + * Upgrading from a version prior to 1.8.29: + + Starting with version 1.8.29, if the umask is explicitly set + in sudoers, that value is used regardless of the umask specified + by PAM or login.conf. However, if the umask is not explicitly + set in sudoers, PAM or login.conf may now override the default + sudoers umask. Previously, the sudoers umask always overrode + the umask set by PAM, which was not the documented behavior. 
+ + * Upgrading from a version prior to 1.8.28: + + Starting with version 1.8.28, sudo stores the signal that caused + a command to be suspended or resumed as a string in the I/O log + timing file. The version of sudoreplay included with sudo + 1.8.28 can process either type of I/O log file but older versions + of sudoreplay are unable to replay the newer logs. + + Starting with version 1.8.28, sudoedit honors the umask and + umask_override settings in sudoers. Previously, the user's + umask was used as-is. + + * Upgrading from a version prior to 1.8.26: + + Starting with version 1.8.26, sudo no long sets the USERNAME + environment variable when running commands. This is a non-standard + environment variable that was set on some older Linux systems. + Sudo still sets the LOGNAME, USER and, on AIX systems, LOGIN + environment variables. + + Handling of the LOGNAME, USER (and on AIX, LOGIN) environment + variables has changed slightly in version 1.8.26. Sudo now + treats those variables as a single unit. This means that if + one variable is preserved or removed from the environment using + env_keep, env_check or env_delete, the others are too. + + * Upgrading from a version prior to 1.8.23: + + In sudo 1.8.23 the "sudoers2ldif" script and the "visudo -x" + functionality has been superseded by the "cvtsudoers" utility. + The cvtsudoers utility is intended to be a drop-in replacement + for "sudoers2ldif". Because it uses the same parser as sudo + and visudo, cvtsudoers can perform a more accurate conversion + than sudoers2ldif could. + + To convert a sudoers file to JSON, the format option must be + specified. For example, instead of: + + visudo -f sudoers_file -x output_file + + one would use: + + cvtsudoers -f json -o output_file sudoers_file + + Note that unlike "visudo -x", "cvtsudoers" reads from the + standard input by default. Also, the base DN may be specified + on the command line, if desired, using the -b option. 
+ + * Upgrading from a version prior to 1.8.20: + + Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER + options, it is no longer possible to declare an alias with one + of those names. If a sudoers file has an alias with one of + those names, sudo and visudo will report a syntax error with a + message like "syntax error: unexpected TIMEOUT, expecting ALIAS". + + Starting with version 1.9.3, sudoers rules must end in either + Prior to version 1.8.20, when log_input, log_output or use_pty + were enabled, if any of the standard input, output or error + were not connected to a terminal, sudo would use a pipe. The + pipe allows sudo to interpose itself between the old standard + input, output or error and log the contents. Beginning with + version 1.8.20, a pipe is only used when I/O logging is enabled. + If use_pty is set without log_input or log_output, no pipe will + be used. Additionally, if log_input is set without log_output, + a pipe is only used for the standard input. Likewise, if + log_output is set without log_input, a pipe is only used for + the standard output and standard error. This results in a + noticeable change in behavior if the use_pty flag is set and no + terminal is present when running commands such as scripts that + execute other commands asynchronously (in the background). + Previously, sudo would exit immediately, causing background + commands to terminate with a broken pipe if they attempt to + write to the standard output or standard error. As of version + 1.8.20, a pipe will not be used in this case so the command + will no longer be terminated. + + * Upgrading from a version prior to 1.8.16: + + When editing files with sudoedit, files in a directory that is + writable by the invoking user may no longer be edited by default. + Also, sudoedit will refuse to follow a symbolic link in the + path to be edited if that directory containing the link is + writable by the user. 
This behavior can be disabled by negating + the sudoedit_checkdir sudoers option, which is now enabled by + default. + + * Upgrading from a version prior to 1.8.15: + + Prior to version 1.8.15, when env_reset was enabled (the default) + and the -s option was not used, the SHELL environment variable + was set to the shell of the invoking user. In 1.8.15 and above, + when env_reset is enabled and the -s option is not used, SHELL + is set based on the target user. + + When editing files with sudoedit, symbolic links will no longer + be followed by default. The old behavior can be restored by + enabling the sudoedit_follow option in sudoers or on a per-command + basis with the FOLLOW and NOFOLLOW tags. + + Prior to version 1.8.15, groups listed in sudoers that were not + found in the system group database were passed to the group + plugin, if any. Starting with 1.8.15, only groups of the form + %:group are resolved via the group plugin by default. The old + behavior can be restored by using the always_query_group_plugin + sudoers option. + + Locking of the time stamp file has changed in sudo 1.8.15. + Previously, the user's entire time stamp file was locked while + retrieving and updating a time stamp record. Now, only a single + record, specific to the tty or parent process ID, is locked. + This lock is held while the user enters their password. If + sudo is suspended at the password prompt (or run in the + background), the lock is dropped until sudo is resumed, at which + point it will be reacquired. This allows sudo to be used in a + pipeline even when a password is required--only one instance + of sudo will prompt for a password. + + * Upgrading from a version prior to 1.8.14: + + On HP-UX, sudo will no longer check for "plugin.sl" if "plugin.so" + is specified but does not exist. This was a temporary hack for + backward compatibility with Sudo 1.8.6 and below when the + plugin path name was not listed in sudo.conf. 
A plugin path + name that explicitly ends in ".sl" will still work as expected. + + * Upgrading from a version prior to 1.8.12: + + On Solaris, sudo is now able to determine the NIS domain name. + As a result, if you had previously been using netgroups that + do not include the domain, you will need to either set the + domain in the entry or leave the domain part of the tuple blank. + + For example, the following will no longer work: + + my-hosts (foo,-,-) (bar,-,-) (baz,-,-) + + and should be changed to: + + my-hosts (foo,-,) (bar,-,) (baz,-,) + + * Upgrading from a version prior to 1.8.10: + + The time stamp file format has changed in sudo 1.8.10. There + is now a single time stamp file for each user, even when tty-based + time stamps are used. Each time stamp file may contain multiple + records to support tty-based time stamps as well as multiple + authentication users. On systems that support it, monotonic + time is stored instead of wall clock time. As a result, it is + important that the time stamp files not persist when the system + reboots. For this reason, the default location for the time + stamp files has changed back to a directory located in /var/run. + Systems that do not have /var/run (e.g. AIX) or that do not clear + it on boot (e.g. HP-UX) will need to clear the time stamp + directory via a start up script. Such a script is installed by + default on AIX and HP-UX systems. + + Because there is now a single time stamp file per user, the -K + option will remove all of the user's time stamps, not just the + time stamp for the current terminal. + + Lecture status is now stored separately from the time stamps + in a separate directory: /var/db/sudo/lectured, /var/lib/sudo/lectured + or /var/adm/sudo/lectured depending on what is present on the + system. + + LDAP-based sudoers now uses a default search filter of + (objectClass=sudoRole) for more efficient queries. 
It is + possible to disable the default search filter by specifying + SUDOERS_SEARCH_FILTER in ldap.conf but omitting a value. + + * Upgrading from a version prior to 1.8.7: + + Sudo now stores its libexec files in a "sudo" sub-directory + instead of in libexec itself. For backward compatibility, if + the plugin is not found in the default plugin directory, sudo + will check the parent directory default directory ends in "/sudo". + + The default sudo plugins now all use the .so extension, regardless + of the extension used by system shared libraries. For backward + compatibility, sudo on HP-UX will also search for a plugin with + an .sl extension if the .so version is not found. + + Handling of users belonging to a large number of groups has + changed. Previously, sudo would only use the group list from + the kernel unless the system_group plugin was enabled in sudoers. + Now, sudo will query the groups database if the user belongs + to the maximum number of groups supported by the kernel. See + the group_source and max_groups settings in the sudo.conf manual + for details. + + * Upgrading from a version prior to 1.8.2: + + When matching Unix groups in the sudoers file, sudo will now + match based on the name of the group as it appears in sudoers + instead of the group-ID. This can substantially reduce the + number of group lookups for sudoers files that contain a large + number of groups. There are a few side effects of this change. + + 1) Unix groups with different names but the same group-ID are + can no longer be used interchangeably. Sudo will look up all + of a user's groups by group-ID and use the resulting group + names when matching sudoers entries. If there are multiple + groups with the same ID, the group name returned by the + system getgrgid() library function is the name that will be + used when matching sudoers entries. + + 2) Unix group names specified in the sudoers file that are + longer than the system maximum will no longer match. 
For + instance, if there is a Unix group "fireflie" on a system + where group names are limited to eight characters, "%fireflies" + in sudoers will no longer match "fireflie". Previously, a + lookup by name of the group "fireflies" would have matched + the "fireflie" group on most systems. + + The legacy group matching behavior may be restored by enabling + the match_group_by_gid Defaults option in sudoers available + in sudo 1.8.18 and higher. + + * Upgrading from a version prior to 1.8.1: + + Changes in the sudoers parser could result in parse errors for + existing sudoers file. These changes cause certain erroneous + entries to be flagged as errors where before they allowed. + Changes include: + + Combining multiple Defaults entries with a backslash. E.g. + + Defaults set_path \ + Defaults syslog + + which should be: + + Defaults set_path + Defaults syslog + + Also, double-quoted strings with a missing end-quote are now + detected and result in an error. Previously, text starting a + double quote and ending with a newline was ignored. E.g. + + Defaults set_path"foo + + In previous versions of sudo, the _"foo_ portion would have + been ignored. + + To avoid problems, sudo 1.8.1's `make install` will not install + a new sudo binary if the existing sudoers file has errors. + + In Sudo 1.8.1 the _noexec_ functionality has moved out of the + sudoers policy plugin and into the sudo front-end. As a result, + the path to the noexec file is now specified in the sudo.conf + file instead of the sudoers file. If you have a sudoers file + that uses the "noexec_file" option, you will need to move the + definition to the sudo.conf file instead. + + Old style in /etc/sudoers: + + Defaults noexec_file=/usr/local/libexec/sudo_noexec.so + + New style in /etc/sudo.conf: + + Path noexec /usr/local/libexec/sudo_noexec.so + + * Upgrading from a version prior to 1.8.0: + + Starting with version 1.8.0, sudo uses a modular framework to + support policy and I/O logging plugins. 
The default policy + plugin is "sudoers" which provides the traditional sudoers + evaluation and I/O logging. Plugins are typically located in + /usr/libexec or /usr/local/libexec, though this is system-dependent. + The sudoers plugin is named "sudoers.so" on most systems. + + The sudo.conf file, usually stored in /etc, is used to configure + plugins. This file is optional--if no plugins are specified + in sudo.conf, the "sudoers" plugin is used. See the example + sudo.conf file in the docs directory or refer to the updated + sudo manual to see how to configure sudo.conf. + + The "askpass" setting has moved from the sudoers file to the + sudo.conf file. If you have a sudoers file that uses the + "askpass" option, you will need to move the definition to the + sudo.conf file. + + Old style in /etc/sudoers: + + Defaults askpass=/usr/X11R6/bin/ssh-askpass + + New style in /etc/sudo.conf: + + Path askpass /usr/X11R6/bin/ssh-askpass + + * Upgrading from a version prior to 1.7.5: + + Sudo 1.7.5 includes an updated LDAP schema with support for + the sudoNotBefore, sudoNotAfter and sudoOrder attributes. + + The sudoNotBefore and sudoNotAfter attribute support is only + used when the SUDOERS_TIMED setting is enabled in ldap.conf. + If enabled, those attributes are used directly when constructing + an LDAP filter. As a result, your LDAP server must have the + updated schema if you want to use sudoNotBefore and sudoNotAfter. + + The sudoOrder support does not affect the LDAP filter sudo + constructs and so there is no need to explicitly enable it in + ldap.conf. If the sudoOrder attribute is not present in an + entry, a value of 0 is used. If no entries contain sudoOrder + attributes, the results are in whatever order the LDAP server + returns them, as in past versions of sudo. + + Older versions of sudo will simply ignore the new attributes + if they are present in an entry. There are no compatibility + problems using the updated schema with older versions of sudo. 
+ + * Upgrading from a version prior to 1.7.4: + + Starting with sudo 1.7.4, the time stamp files have moved from + /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. + The directories are checked for existence in that order. This + prevents users from receiving the sudo lecture every time the + system reboots. Time stamp files older than the boot time are + ignored on systems where it is possible to determine this. + + Additionally, the tty_tickets sudoers option is now enabled by + default. To restore the old behavior (single time stamp per user), + add a line like: + + Defaults !tty_tickets + + to sudoers or use the `--without-tty-tickets` configure option. + + The HOME and MAIL environment variables are now reset based on the + target user's password database entry when the env_reset sudoers option + is enabled (which is the case in the default configuration). Users + wishing to preserve the original values should use a sudoers entry like: + + Defaults env_keep += HOME + + to preserve the old value of HOME and + + Defaults env_keep += MAIL + + to preserve the old value of MAIL. + + NOTE: preserving HOME has security implications since many programs + use it when searching for configuration files. Adding HOME to env_keep + may enable a user to run unrestricted commands via sudo. + + The default syslog facility has changed from "local2" to "authpriv" + (or "auth" if the operating system doesn't have "authpriv"). + The `--with-logfac` configure option can be used to change this + or it can be changed in the sudoers file. + + * Upgrading from a version prior to 1.7.0: + + Starting with sudo 1.7.0, comments in the sudoers file must not + have a digit or minus sign immediately after the comment character + ('#'). Otherwise, the comment may be interpreted as a user or + group-ID. + + When sudo is build with LDAP support the /etc/nsswitch.conf file is + now used to determine the sudoers sea ch order. 
sudo will default to + only using /etc/sudoers unless /etc/nsswitch.conf says otherwise. + This can be changed with an nsswitch.conf line, e.g.: + + sudoers: ldap files + + Would case LDAP to be searched first, then the sudoers file. + To restore the pre-1.7.0 behavior, run configure with the + `--with-nsswitch=no` flag. + + Sudo now ignores user .ldaprc files as well as system LDAP defaults. + All LDAP configuration is now in /etc/ldap.conf (or whichever file + was specified by configure's `--with-ldap-conf-file` option). + If you are using TLS, you may now need to specify: + + tls_checkpeer no + + in sudo's ldap.conf unless ldap.conf references a valid certificate + authority file(s). + + Please also see the NEWS file for a list of new features in + sudo 1.7.0. + + * Upgrading from a version prior to 1.6.9: + + Starting with sudo 1.6.9, if an OS supports a modular authentication + method such as PAM, it will be used by default by configure. + + Environment variable handling has changed significantly in sudo + 1.6.9. Prior to version 1.6.9, sudo would preserve the user's + environment, pruning out potentially dangerous variables. + Beginning with sudo 1.6.9, the environment is reset to a default + set of values with only a small number of "safe" variables + preserved. To preserve specific environment variables, add + them to the "env_keep" list in sudoers. E.g. + + Defaults env_keep += "EDITOR" + + The old behavior can be restored by negating the "env_reset" + option in sudoers. E.g. + + Defaults !env_reset + + There have also been changes to how the "env_keep" and + "env_check" options behave. + + Prior to sudo 1.6.9, the TERM and PATH environment variables + would always be preserved even if the env_keep option was + redefined. That is no longer the case. Consequently, if + env_keep is set with "=" and not simply appended to (i.e. using + "+="), PATH and TERM must be explicitly included in the list + of environment variables to keep. 
The LOGNAME, SHELL, USER, + and USERNAME environment variables are still always set. + + Additionally, the env_check setting previously had no effect + when env_reset was set (which is now on by default). Starting + with sudo 1.6.9, environment variables listed in env_check are + also preserved in the env_reset case, provided that they do not + contain a '/' or '%' character. Note that it is not necessary + to also list a variable in env_keep--having it in env_check is + sufficient. + + The default lists of variables to be preserved and/or checked + are displayed when sudo is run by root with the -V flag. + + * Upgrading from a version prior to 1.6.8: + + Prior to sudo 1.6.8, if /var/run did not exist, sudo would put + the time stamp files in /tmp/.odus. As of sudo 1.6.8, the + time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo + if there is no /var/run directory. This directory will be + created if it does not already exist. + + Previously, a sudoers entry that explicitly prohibited running + a command as a certain user did not override a previous entry + allowing the same command. This has been fixed in sudo 1.6.8 + such that the last match is now used (as it is documented). + Hopefully no one was depending on the previous (buggy) behavior. + + * Upgrading from a version prior to 1.6: + + As of sudo 1.6, parsing of runas entries and the NOPASSWD tag + has changed. Prior to 1.6, a runas specifier applied only to + a single command directly following it. Likewise, the NOPASSWD + tag only allowed the command directly following it to be run + without a password. Starting with sudo 1.6, both the runas + specifier and the NOPASSWD tag are "sticky" for an entire + command list. So, given the following line in sudo < 1.6 + + millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls + + millert would be able to run /usr/bin/whoami as user daemon + without a password and /bin/ls as root with a password. 
+ + As of sudo 1.6, the same line now means that millert is able + to run run both /usr/bin/whoami and /bin/ls as user daemon + without a password. To expand on this, take the following + example: + + millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \ + /sbin/dump + + millert can run /usr/bin/whoami as daemon and /bin/ls and + /sbin/dump as root. No password need be given for either + command. In other words, the "(root)" sets the default runas + user to root for the rest of the list. If we wanted to require + a password for /bin/ls and /sbin/dump the line could be written + as: + + millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \ + (root) PASSWD:/bin/ls, /sbin/dump + + Additionally, sudo now uses a per-user time stamp directory + instead of a time stamp file. This allows tty time stamps to + simply be files within the user's time stamp dir. For the + default, non-tty case, the time stamp on the directory itself + is used. + + Also, the temporary file used by visudo is now /etc/sudoers.tmp + since some versions of vipw on systems with shadow passwords use + /etc/stmp for the temporary shadow file. + + * Upgrading from a version prior to 1.5: + + By default, sudo expects the sudoers file to be mode 0440 and + to be owned by user and group 0. This differs from version 1.4 + and below which expected the sudoers file to be mode 0400 and + to be owned by root. Doing a `make install` will set the sudoers + file to the new mode and group. If sudo encounters a sudoers + file with the old permissions it will attempt to update it to + the new scheme. You cannot, however, use a sudoers file with + the new permissions with an old sudo binary. It is suggested + that if have a means of distributing sudo you distribute the + new binaries first, then the new sudoers file (or you can leave + sudoers as is and sudo will fix the permissions itself as long + as sudoers is on a local file system). 
diff --git a/etc/sudo-logsrvd.pp b/etc/sudo-logsrvd.pp
index afbd5ca0b..1e49c65c1 100644
--- a/etc/sudo-logsrvd.pp
+++ b/etc/sudo-logsrvd.pp
@@ -108,7 +108,7 @@ This makes it possible to have all sudo I/O logs on a central server."
 pp_deb_release="$pp_rpm_release"
 pp_deb_version="$pp_rpm_version"
 pp_deb_section=admin
- install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
+ install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
 install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
 gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
 printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
@@ -145,7 +145,7 @@ This makes it possible to have all sudo I/O logs on a central server."
 pp_macos_bundle_id=ws.sudo.pkg.sudo-logsrvd
 pp_macos_pkg_background=${srcdir}/etc/macos-background.png
 pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png
- pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE
+ pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md
 pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
 perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt
 %endif
diff --git a/etc/sudo-python.pp b/etc/sudo-python.pp
index 05306c39f..de7734072 100644
--- a/etc/sudo-python.pp
+++ b/etc/sudo-python.pp
@@ -68,7 +68,7 @@
 pp_deb_release="$pp_rpm_release"
 pp_deb_version="$pp_rpm_version"
 pp_deb_section=admin
- install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
+ install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
 install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
 gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
 printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
@@ -101,7 +101,7 @@
 pp_macos_bundle_id=ws.sudo.pkg.sudo-python
 pp_macos_pkg_background=${srcdir}/etc/macos-background.png
 pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png
- pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE
+ pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md
 pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
 perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt
 %endif
diff --git a/etc/sudo.pp b/etc/sudo.pp
index b80ee2f9a..0c96a75bd 100644
--- a/etc/sudo.pp
+++ b/etc/sudo.pp
@@ -133,7 +133,7 @@ still allow people to get their work done."
 pp_deb_release="$pp_rpm_release"
 pp_deb_version="$pp_rpm_version"
 pp_deb_section=admin
- install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
+ install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
 install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
 gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
 printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
@@ -302,7 +302,7 @@ still allow people to get their work done."
 pp_macos_bundle_id=ws.sudo.pkg.sudo
 pp_macos_pkg_background=${srcdir}/etc/macos-background.png
 pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png
- pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE
+ pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md
 pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
 perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt
 %endif
@@ -404,7 +404,7 @@ still allow people to get their work done."
 $docdir/ 0755
 $docdir/** 0644
 %if [deb]
- $docdir/LICENSE ignore,ignore-others
+ $docdir/LICENSE.md ignore,ignore-others
 $docdir/ChangeLog ignore,ignore-others
 %endif
 %if X"$exampledir" != X"$docdir/examples"
