version 1.1.1.3, 2013/07/22 10:46:11
|
version 1.1.1.4, 2014/06/15 16:12:54
|
Line 1
|
Line 1
|
Notes on upgrading from an older release |
Notes on upgrading from an older release |
======================================== |
======================================== |
|
|
|
o Upgrading from a version prior to 1.8.10: |
|
|
|
The time stamp file format has changed in sudo 1.8.10. There |
|
is now a single time stamp file for each user, even when tty-based |
|
time stamps are used. Each time stamp file may contain multiple |
|
records to support tty-based time stamps as well as multiple |
|
authentication users. On systems that support it, monotonic |
|
time is stored instead of wall clock time. As a result, it is |
|
important that the time stamp files not persist when the system |
|
reboots. For this reason, ther default location for the time |
|
stamp files has changed back to a directory located in /var/run. |
|
Systems that do not have /var/run (e.g. AIX) or that do not clear |
|
it on boot (e.g. HP-UX) will need to clear the time stamp |
|
directory via a startup script. Such a script is installed by |
|
default on AIX and HP-UX systems. |
|
|
|
Because there is now a single time stamp file per user, the -K |
|
option will remove all of the user's time stamps, not just the |
|
time stamp for the current terminal. |
|
|
|
Lecture status is now stored separatedly from the time stamps |
|
in a separate directory: /var/db/sudo/lectured, /var/lib/sudo/lectured |
|
or /var/adm/sudo/lectured depending on what is present on the |
|
system. |
|
|
|
LDAP-based sudoers now uses a default search filter of |
|
(objectClass=sudoRole) for more efficient queries. It is |
|
possible to disable the default search filter by specifying |
|
SUDOERS_SEARCH_FILTER in ldap.conf but omitting a value. |
|
|
o Upgrading from a version prior to 1.8.7: |
o Upgrading from a version prior to 1.8.7: |
|
|
Sudo now stores its libexec files in a "sudo" sub-directory |
Sudo now stores its libexec files in a "sudo" sub-directory |