1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
FAQ and troubleshooting tips for CU sudo
========================================
Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
and sudo quits.
A) Sudo must be setuid root to do its work. You need to do something like
`chmod 4111 /usr/local/bin/sudo'. Also, the filesystem sudo resides
on must *not* be mounted with the nosuid mount option or sudo will
not be able to work.
Q) Sudo is setup to log via syslog(3) but I'm not getting any log
messages.
A) Make sure you have an entry in your syslog.conf file to save
the sudo messages. The default log facility is local2
(configurable in options.h) so you would want something like:
local2.debug /var/adm/sudo.log
or
local2.debug @loghost
depending whether you want to forward the messages to another
host or keep them locally.
Q) When sudo asks me for my password it never accepts what I enter even
though I know I entered my password correctly.
A) Try running configure with the --with-getpass option. After this
when you build sudo it will use the system's getpass() routine instead
of sudo's own version. If that doesn't work, and your OS uses shadow
passwords, re-run configure and add the --with-C2 option. Configure
tries to guess whether or not you are using shadow passwords but
it is not bulletproof.
(see the INSTALL doc for a list of OS's that sudo knows how to get
shadow password info for).
Q) Sudo says that it cannot read the sudoers file even though the
path it says is correct.
A) If the sudoers file lives on an NFS-mounted partition that partition
needs to be exported as root to the host in question unless you
have set SUDOERS_OWNER to something other than root. An easy test
is to see if "cat /path/to/sudoers" works as root. If not, then
you have the aforementioned problem. See the entry for SUDOERS_OWNER
in the OPTIONS file.
Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a
copy on each machine?
A) There is no support for making an NIS/NIS+ map/table out of
the sudoers file at this time. A good way to distribute the
sudoers file is via rdist(1). It is also possible to
NFS-mount the sudoers file. However, please read the previous
TROUBLESHOOTING entry for info on this.
Q) I don't run sendmail on my machine. Does this mean that I cannot
use sudo?
A) No, you just need to comment out the MAILER #define in options.h.
Q) When I run visudo it uses vi as the editor and I hate vi. How
can I make it use another editor?
A) Your best bet is to enable the ENV_EDITOR option in options.h.
This will make visudo use the editor specified by the user's
EDITOR environmental variable. Alternately, you can change the
default editor by setting the EDITOR macro in options.h to
the editor of your choice.
Q) Sudo appears to be removing some variables from my environment, why?
A) Sudo removes the following "dangerous" environmental variables
to guard against shared library spoofing, shell voodoo, and
kerberos server spoofing.
IFS
LD_*
_RLD_*
SHLIB_PATH (HP-UX only)
LIB_PATH (AIX only)
KRB_CONF (kerberos only)
Q) I can't get the s/key support to work, whatever I do sudo won't
accept my key. I had to run configure with --with-getpass,
could that have something to do with it?
A) Yes, the s/key support requires that you use tgetpass() since
most system getpass()'s only grab eight characters or so
and s/key needs much mroe than that. It should be possible
to get tgetpass() to work, send mail to sudo-bugs@cs.colorado.edu
if you need help.
Q) I overwrote the distributed lex.yy.c with a lex-generated one and
now sudo does not work.
A) The simplest thing to do is "rm -f lex.yy.c ; ln sudo-lex.yy.c lex.yy.c"
which will set you back up with a pre-flexed lex.yy.c.
If you want to hack on the lexer you should get a copy of flex
from ftp.ee.lbl.gov
Q) My C compiler complains about:
"./options.h", line xx "/*" detected in comment
Should I be worried?
A) No, this is due to the way options are commented out in options.h.
Some ANSI compilers are just a bit too protective.
If anyone have a better way to that is just as easy to uncomment
and that doesn't produce a similar warning, please let me know.
|