mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 14:55:12 +00:00
Code Issues Releases Wiki Activity

Update OS specific notes. Delete some really ancient ones and move

Browse Source 
older ones to the end of the list.
This commit is contained in:
Todd C. Miller
2010-06-14 16:11:01 -04:00
parent 8eed6962b6
commit 96e4b0e20f
1 changed files with 80 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
INSTALL
View File

@@ -1,4 +1,4 @@
Installation instructions for Sudo 1.7 Installation instructions for Sudo 1.8
====================================== ======================================
Sudo uses a `configure' script to probe the capabilities and type Sudo uses a `configure' script to probe the capabilities and type
@@ -15,34 +15,28 @@ For most systems and configurations it is possible simply to:
0) If you are upgrading from a previous version of sudo 0) If you are upgrading from a previous version of sudo
please read the info in the UPGRADE file before proceeding. please read the info in the UPGRADE file before proceeding.
1) If you previously ran `configure' on a different host 1) Read the `OS dependent notes' section for any particular
you will probably want to do a `make distclean' to remove
the old `config.cache' file. Otherwise, `configure'
will complain and refuse to run. Alternately, one can
simply `rm config.cache'.
2) Read the `OS dependent notes' section for any particular
"gotchas" relating to your operating system. "gotchas" relating to your operating system.
3) `cd' to the source or build directory and type `./configure' 2) `cd' to the source or build directory and type `./configure'
to generate a Makefile and config.h file suitable for to generate a Makefile and config.h file suitable for
building sudo. Before you actually run configure you building sudo. Before you actually run configure you
should read the `Available configure options' section should read the `Available configure options' section
to see if there are any special options you may want to see if there are any special options you may want
or need. or need.
4) Edit the configure-generated Makefile if you wish to 3) Edit the configure-generated Makefile if you wish to
change any of the default paths (alternatively, you could change any of the default paths (alternatively, you could
have changed the paths via options to `configure'. have changed the paths via options to `configure'.
5) Type `make' to compile sudo. If you are building sudo 5) Type `make' to compile sudo. If you are building sudo
in a separate build tree (apart from the sudo source) in a separate build tree (apart from the sudo source) GNU
GNU make will probably be required. If `configure' did make will probably be required. If `configure' did its job
its job properly (and you have a supported configuration) properly (and you have a supported configuration) there won't
there won't be any problems. If this doesn't work, take be any problems. If this doesn't work, take a look at the
a look at the files TROUBLESHOOTING and PORTING for tips TROUBLESHOOTING file for tips on what might have gone wrong.
on what might have gone wrong. Please mail us if you have a Please mail us if you have a fix or if you are unable to
fix or if you are unable to come up with a fix (address at EOF). come up with a fix (address at EOF).
6) Type `make install' (as root) to install sudo, visudo, the 6) Type `make install' (as root) to install sudo, visudo, the
man pages, and a skeleton sudoers file. Note that the install man pages, and a skeleton sudoers file. Note that the install
@@ -637,31 +631,44 @@ Shadow passwords are known to work on the following platforms:
Digital UNIX Digital UNIX
IRIX >= 5.x IRIX >= 5.x
AIX >= 3.2.x AIX >= 3.2.x
ConvexOS with C2 security (not tested recently)
Linux Linux
SCO >= 3.2.2 SCO >= 3.2.2
Pyramid DC/OSx Pyramid DC/OSx
UnixWare UnixWare
SVR4 (and variants using standard SVR4 shadow passwords) SVR4 (and variants using standard SVR4 shadow passwords)
4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and BSD/OS) 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X)
OS's using SecureWare's C2 security. Systems using SecureWare's C2 security.
OS dependent notes OS dependent notes
================== ==================
OpenBSD < 2.2 and NetBSD < 1.2.1: Linux:
The fdesc file system has a bug wrt /dev/tty handling that PAM and LDAP headers are not installed by default on most Linux
causes sudo to hang at the password prompt. The workaround systems. You will need to install the "pam-dev" package if
is to run configure with --with-password-timeout=0 /usr/include/security/pam_appl.h is not present on your system.
If you wish to build with LDAP support you will also need the
openldap-devel package.
Versions of glibc 2.x previous to 2.0.7 have a broken lsearch().
You will need to either upgrade to glibc-2.0.7 or use sudo's
version of lsearch(). To use sudo's lsearch(), comment out
the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
to the LIBOBJS line in the Makefile.
If you are using a Linux kernel older than 2.4 it is not possible
to access the sudoers file via NFS. This is due to a bug in
the Linux client-side NFS implementation that has since been
fixed. There is a workaround on the sudo ftp site, linux_nfs.patch,
if you need to NFS-mount sudoers on older Linux kernels.
Solaris 2.x: Solaris 2.x:
You need to have a C compiler in order to build sudo. You need to have a C compiler in order to build sudo. Since
Since Solaris 2.x does not come with one by default this Solaris 2.x does not come with one by default this means that
means that you either need to have purchased the unbundled Sun you either need to install the Sun Studio compiler suite,
C compiler or have a copy of the GNU C compiler (gcc). available for free from www.sun.com, or have a copy of the GNU
The SunSoft Catalyst CD should contain gcc binaries for C compiler (gcc) which is distributed on the Solaris Companion
Solaris. You can also get them from various places on the CD. You can also get them from various places on the net,
net, including http://www.sunfreeware.com/ including http://www.sunfreeware.com/
NOTE: sudo will *not* build with the sun C compiler in BSD NOTE: sudo will *not* build with the sun C compiler in BSD
compatibility mode (/usr/ucb/cc). Sudo is designed to compatibility mode (/usr/ucb/cc). Sudo is designed to
compile with the standard C compiler (or gcc) and will compile with the standard C compiler (or gcc) and will
@@ -669,36 +676,30 @@ Solaris 2.x:
`--with-CC' option to point `configure' to the non-ucb `--with-CC' option to point `configure' to the non-ucb
compiler if it is not the first cc in your path. Some compiler if it is not the first cc in your path. Some
sites link /usr/ucb/cc to gcc; configure will not notice sites link /usr/ucb/cc to gcc; configure will not notice
this an still refuse to use /usr/ucb/cc, so make sure gcc this and still refuse to use /usr/ucb/cc, so make sure gcc
is also in your path if your site is setup this way. is also in your path if your site is setup this way.
Also: Many versions of Solaris come with a broken syslogd. Also: Older versions of Solaris come with a broken syslogd.
If you have having problems with sudo logging you should If you have having problems with sudo logging you should
make sure you have the latest syslogd patch installed. make sure you have the latest syslogd patch installed.
This is a problem for Solaris 2.4 and 2.5 at least. This is a problem for Solaris 2.4 and 2.5 at least.
AIX 3.2.x: Mac OS X:
I've had various problems with the AIX C compiler producing The pseudo-tty support in the Mac OS X kernel has bugs related
incorrect code when the -O flag was used. When optimization to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
is not used, the problems go away. Gcc does not appear It does not restart reads and writes when those signals are
to have this problem. delivered. This may cause problems for some commands when I/O
logging is enabled. The issue has been reported to Apple and
is bug id #7952709.
Also, the AIX 3.2.x lex will not work with sudo's parse.lex. HP-UX:
This should not be a problem as sudo comes shipped with The default C compiler shipped with HP-UX is not an ANSI compiler.
a pre-generated lex.yy.c (created by flex). If you want You must use either the HP ANSI C compiler or gcc to build sudo.
to modify the lex tokenizer, make sure you grab a copy of Binary packages of gcc are available from http://hpux.connect.org.uk/.
flex from ftp.ee.lbl.gov (also available on most GNU mirrors)
and sudo will use that instead.
Ultrix 4.x: To prevent PAM from overriding the value of umask on HP-UX 11,
Ultrix still ships with the 4.2BSD syslog(3) which does not you will need to add a line like the following to /etc/pam.conf:
allow things like logging different facilities to different
files, redirecting logs to a single loghost and other niceties. sudo session required libpam_hpsec.so.1 bypass_umask
You may want to just grab and install:
ftp://gatekeeper.dec.com/pub/DEC/jtkohl-syslog-complete.tar.Z
(available via anonymous ftp) which is a port if the 4.3BSD
syslog/syslogd that is backwards compatible with the Ultrix version.
I recommend it highly. If you do not do this you probably want
to run configure with --with-logging=file
Digital UNIX: Digital UNIX:
By default, sudo will use SIA (Security Integration Architecture) By default, sudo will use SIA (Security Integration Architecture)
@@ -717,59 +718,38 @@ Digital UNIX:
you can just make a copy in gcc's private include tree and you can just make a copy in gcc's private include tree and
edit that. edit that.
Linux: AIX 3.2.x:
PAM and LDAP headers are not installed by default on most Linux I've had various problems with the AIX C compiler producing
systems. You will need to install the "pav-dev" package if incorrect code when the -O flag was used. When optimization
/usr/include/security/pam_appl.h is not present on your system. is not used, the problems go away. Gcc does not appear
If you wish to build with LDAP support you will also need the to have this problem.
openldap-devel package.
Versions of glibc 2.x previous to 2.0.7 have a broken lsearch().
You will need to either upgrade to glibc-2.0.7 or use sudo's
version of lsearch(). To use sudo's lsearch(), comment out
the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
to the LIBOBJS line in the Makefile.
If you are using a Linux kernel older than 2.4 it is not possible
to access the sudoers file via NFS. This is due to a bug in
the Linux client-side NFS implementation that has since been
fixed. There is a workaround on the sudo ftp site, linux_nfs.patch,
if you need to NFS-mount sudoers on older Linux kernels.
Mac OS X:
It has been reported that for sudo to work on Mac OS X it must
either be built with the --with-password-timeout=0 option or the
password timeout must be disabled in the Defaults line in the
sudoers file. If sudo just hangs when you try to enter a password,
you need to disable the password timeout (Note: this is not a bug
in sudo).
SCO ODT: SCO ODT:
You'll probably need libcrypt_i.a available via anonymous ftp You'll probably need libcrypt_i.a available via anonymous ftp
from sosco.sco.com. The necessary files are /SLS/lng225b.Z from sosco.sco.com. The necessary files are /SLS/lng225b.Z
and /SLS/lng225b.ltr.Z. and /SLS/lng225b.ltr.Z.
Dynix:
Some people have experienced problems building sudo with gcc
on Dynix. If you experience problems compiling sudo using gcc
on Dynix, try using the native compiler (cc). You can do so
by removing the config.cache file and then re-running configure
with the --with-CC=cc option.
HP-UX:
The default C compiler shipped with HP-UX does not support creating
position independent code and so is unable to support sudo's "noexec"
functionality. You must use either the HP ANSI C compiler or gcc for
noexec to work. Binary packages of gcc are available from
http://hpux.connect.org.uk/ and http://hpux.cs.utah.edu/.
To prevent PAM from overriding the value of umask on HP-UX 11,
you will need to add a line like the following to /etc/pam.conf:
sudo session required libpam_hpsec.so.1 bypass_umask
SunOS 4.x: SunOS 4.x:
The /bin/sh shipped with SunOS blows up while running configure. The /bin/sh shipped with SunOS blows up while running configure.
You can work around this by installalling bash or zsh. If you You can work around this by installing bash or zsh. If you
have bash or zsh in your path, configure will use it instead have bash or zsh in your path, configure will use it instead
automatically. automatically.
ULTRIX 4.x:
ULTRIX does not ship with an ANSI C compiler. You will need to
install an ANSI compiler such as gcc to build sudo.
The /bin/sh shipped with ULTRIX blows up while running configure.
You can work around this by installing bash or zsh. If you
have bash or zsh in your path, configure will use it instead
automatically.
ULTRIX ships with the 4.2BSD syslog(3) which does not
allow things like logging different facilities to different
files, redirecting logs to a single loghost and other niceties.
You may want to just grab and install:
ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz
(available via anonymous ftp) which is a port if the 4.3BSD
syslog/syslogd that is backwards compatible with the Ultrix version.
I recommend it highly. If you do not do this you probably want
to run configure with --with-logging=file