Installation of Sudo
Install Sudo by running the
./configure --prefix=/usr \
--with-passprompt="[sudo] password for %p" &&
To test the results, issue: env
LC_ALL=C make check 2>&1 | tee
../make-check.log. Check the results with
Now, as the
make install &&
ln -sfv libsudo_util.so.0.0.0 /usr/lib/sudo/libsudo_util.so.0
switch controls where private programs are installed. Everything in
that directory is a library, so they belong under
/usr/lib instead of
switch transparently adds
/usr/sbin directories to the
PATH environment variable.
switch includes all the sudo
switch enables use of the environment variable EDITOR for
switch sets the password prompt.
--without-pam: This switch avoids
building PAM support when
PAM is installed on the system.
switch prevents installation of static versions of the libraries.
There are many options to sudo's
Check the configure
--help output for a complete list.
libsudo_util...: Works around a bug in the
installation process, which links the versioned library to the
previously installed version (when present) instead of the new one.
sudoers file can be quite
complicated. It is composed of two types of entries: aliases
(basically variables) and user specifications (which specify who
may run what). The installation installs a default configuration
that has no privileges installed for any user.
One example usage is to allow the system administrator to execute
any program without typing a password each time root privileges
are needed. This can be configured as:
# User alias specification
User_Alias ADMIN = YourLoginId
# Allow people in group ADMIN to run all commands without a password
ADMIN ALL = NOPASSWD: ALL
For details, see man
The Sudo developers highly
recommend using the visudo program to edit the
sudoers file. This will provide
basic sanity checking like syntax parsing and file permission
to avoid some possible mistakes that could lead to a vulnerable
If PAM is installed on the
system, Sudo is built with
PAM support. In that case, issue
the following command as the
user to create the PAM
cat > /etc/pam.d/sudo << "EOF"
# Begin /etc/pam.d/sudo
# include the default auth settings
auth include system-auth
# include the default account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session defaults
session include system-session
# End /etc/pam.d/sudo
chmod 644 /etc/pam.d/sudo
sudo, sudoedit (symlink), sudoreplay, and
sudoers.so, sudo_noexec.so, and system_group.so
/usr/share/doc/sudo-1.8.14p3, /var/lib/sudo, and
executes a command as another user as permitted by the
is a symlink to sudo that implies the
-e option to invoke an editor
as another user.
is used to play back or list the output logs created by
allows for safer editing of the
Last updated on 2015-08-16 16:33:18 +0000