version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.4, 2013/10/14 07:56:34
|
Line 22 A) Sudo must be setuid root to do its work. Either /u
|
Line 22 A) Sudo must be setuid root to do its work. Either /u
|
is not owned by uid 0 or the setuid bit is not set. This should have |
is not owned by uid 0 or the setuid bit is not set. This should have |
been done for you by "make install" but you can fix it manually by |
been done for you by "make install" but you can fix it manually by |
running the following as root: |
running the following as root: |
# chown root /usr/local/bin/sudo; chmod 4111 /usr/local/bin/sudo | # chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo |
|
|
Q) Sudo compiles and installs OK but when I try to run it I get: |
Q) Sudo compiles and installs OK but when I try to run it I get: |
effective uid is not 0, is /usr/local/bin/sudo on a file system with the |
effective uid is not 0, is /usr/local/bin/sudo on a file system with the |
Line 31 A) The owner and permissions on the sudo binary appear
|
Line 31 A) The owner and permissions on the sudo binary appear
|
sudo ran, the setuid bit did not have an effect. There are two common |
sudo ran, the setuid bit did not have an effect. There are two common |
causes for this. The first is that the file system the sudo binary |
causes for this. The first is that the file system the sudo binary |
is located on is mounted with the 'nosuid' mount option, which disables |
is located on is mounted with the 'nosuid' mount option, which disables |
setuid binaries. The other is that sudo is installed on an NFS-mounted | setuid binaries. The output of the "mount" command should tell you if |
file system that is exported without root privileges. By default, NFS | the file system is mounted with the 'nosuid' option. The other possible |
file systems are exported with uid 0 mapped to a non-privileged uid | cause is that sudo is installed on an NFS-mounted file system that is |
(usually -2). | exported without root privileges. By default, NFS file systems are |
| exported with uid 0 mapped to a non-privileged uid (usually -2). You |
| should be able to determine whether sudo is located on an NFS-mounted |
| filesystem by running "df `which sudo'". |
|
|
You need to do something like |
|
`chmod 4111 /usr/local/bin/sudo'. Also, the file system sudo resides |
|
on must *not* be mounted (or exported) with the nosuid option or sudo |
|
will not be able to work. Another possibility is you may have '.' in |
|
your $PATH before the directory containing sudo. If you are going |
|
to have '.' in your path you should make sure it is at the end. |
|
|
|
Q) Sudo never gives me a chance to enter a password using PAM, it just |
Q) Sudo never gives me a chance to enter a password using PAM, it just |
says 'Sorry, try again.' three times and exits. |
says 'Sorry, try again.' three times and exits. |
A) You didn't setup PAM to work with sudo. On RedHat Linux or Fedora |
A) You didn't setup PAM to work with sudo. On RedHat Linux or Fedora |
Line 67 A) Make sure you have an entry in your syslog.conf fil
|
Line 63 A) Make sure you have an entry in your syslog.conf fil
|
its conf file. Also, remember that syslogd does *not* create |
its conf file. Also, remember that syslogd does *not* create |
log files, you need to create the file before syslogd will log |
log files, you need to create the file before syslogd will log |
to it (ie: touch /var/log/sudo). |
to it (ie: touch /var/log/sudo). |
Note: the facility (e.g. "auth.debug") must be separated from the | Note: the facility (e.g. "auth.debug") must be separated from the |
destination (e.g. "/var/log/auth" or "@loghost") by |
destination (e.g. "/var/log/auth" or "@loghost") by |
tabs, *not* spaces. This is a common error. |
tabs, *not* spaces. This is a common error. |
|
|
Line 182 A) Starting with Solaris 2.6, snprintf(3) is included
|
Line 178 A) Starting with Solaris 2.6, snprintf(3) is included
|
#define HAVE_VSNPRINTF 1 |
#define HAVE_VSNPRINTF 1 |
and run make. |
and run make. |
|
|
|
Q) I built sudo on a Solaris 11 (or higher) machine but the resulting |
|
binary doesn't work older Solaris versions. Why? |
|
|
|
A) Starting with Solaris 11, asprintf(3) is included in the standard |
|
C library. To build a version of sudo on a Solaris 11 machine that |
|
will run on an older Solaris release, edit config.h and comment out |
|
the lines: |
|
#define HAVE_ASPRINTF 1 |
|
#define HAVE_VASPRINTF 1 |
|
and run make. |
|
|
Q) When I run "visudo" it says "sudoers file busy, try again later." |
Q) When I run "visudo" it says "sudoers file busy, try again later." |
and doesn't do anything. |
and doesn't do anything. |
A) Someone else is currently editing the sudoers file with visudo. |
A) Someone else is currently editing the sudoers file with visudo. |
Line 240 A) On systems that use a Mozilla-derived LDAP SDK ther
|
Line 247 A) On systems that use a Mozilla-derived LDAP SDK ther
|
Enter new password: <return> |
Enter new password: <return> |
Re-enter password: <return> |
Re-enter password: <return> |
|
|
|
Q) On HP-UX, when I run command via sudo it displays information |
|
about the last successful login and last authentication failure |
|
for every command. How can I fix this? |
|
A) This output comes from /usr/lib/security/libpam_hpsec.so.1. |
|
To suppress it, add a line like the following to /etc/pam.conf: |
|
sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login |
|
|
|
Q) On HP-UX, the umask setting in sudoers has no effect. |
|
A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module |
|
enabled, you may need to a add line like the following to pam.conf: |
|
sudo session required libpam_hpsec.so.1 bypass_umask |
|
|
Q) When I run sudo on AIX I get the following error: |
Q) When I run sudo on AIX I get the following error: |
setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. |
setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. |
A) AIX's Enhanced RBAC is preventing sudo from running. To fix |
A) AIX's Enhanced RBAC is preventing sudo from running. To fix |
Line 250 A) AIX's Enhanced RBAC is preventing sudo from running
|
Line 269 A) AIX's Enhanced RBAC is preventing sudo from running
|
accessauths = ALLOW_ALL |
accessauths = ALLOW_ALL |
innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC |
innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC |
secflags = FSF_EPS |
secflags = FSF_EPS |
|
|
|
Q) Sudo configures and builds without error but when I run it I get |
|
a Segmentation fault. |
|
A) If you are on a Linux system, the first thing to try is to run |
|
configure with the --disable-pie option, then "make clean" and |
|
"make". If that fixes the problem then your operating system |
|
does not properly support position independent executables. |
|
Please send a message to sudo@sudo.ws with system details such |
|
as the Linux distro, kernel version and CPU architecture. |
|
|
Q) When I run configure I get the following error: |
Q) When I run configure I get the following error: |
dlopen present but libtool doesn't appear to support your platform. |
dlopen present but libtool doesn't appear to support your platform. |