Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
and sudo quits.
A) Sudo must be setuid root to do its work. You need to do something like
- `chmod 4111 /usr/local/bin/sudo'. Also, the filesystem sudo resides
- on must *not* be mounted with the nosuid mount option or sudo will
- not be able to work. Another possibility is you may have '.' in
+ `chmod 4111 /usr/local/bin/sudo'. Also, the file system sudo resides
+ on must *not* be mounted (or exported) with the nosuid option or sudo
+ will not be able to work. Another possibility is you may have '.' in
your $PATH before the directory containing sudo. If you are going
to have '.' in your path you should make sure it is at the end.
-Q) Sudo compiles but when I run it I get "seteuid(0) failed, your operating
- system may have broken POSIX saved ID support\nTry running configure with
- --disable-saved-ids" and sudo quits.
-A) The operating system you are running probably has broken support for
- POSIX saved IDs. You should run configure with the "--disable-saved-ids"
- option and rebuild sudo.
-
Q) Sudo never gives me a chance to enter a password using PAM, it just
- says 'Sorry, try again.' three times and quits.
-A) You didn't setup PAM to work with sudo. On Linux this generally
- means installing sample.pam as /etc/pam.d/sudo.
+ says 'Sorry, try again.' three times and exits.
+A) You didn't setup PAM to work with sudo. On Redhat Linux or Fedora
+ Core this generally means installing sample.pam as /etc/pam.d/sudo.
+ See the sample.pam file for hints on what to use for other Linux
+ systems.
+
+Q) Sudo says 'Account expired or PAM config lacks an "account"
+ section for sudo, contact your system administrator' and exits
+ but I know my account has not expired.
+A) Your PAM config lacks an "account" specification. On Linux this
+ usually means you are missing a line like:
+ account required pam_unix.so
+ in /etc/pam.d/sudo.
Q) Sudo is setup to log via syslog(3) but I'm not getting any log
messages.
A) Make sure you have an entry in your syslog.conf file to save
the sudo messages (see the sample.syslog.conf file). The default
- log facility is local2 (changeable via configure). Don't forget
- to send a SIGHUP to your syslogd so that it re-reads its conf file.
- Also, remember that syslogd does *not* create log files, you need to
- create the file before syslogd will log to it (ie: touch /var/log/sudo).
- Note: the facility ("local2.debug") must be separated from the
- destination ("/var/adm/sudo.log" or "@loghost") by
+ log facility is authpriv (changeable via configure or in sudoers).
+ Don't forget to send a SIGHUP to your syslogd so that it re-reads
+ its conf file. Also, remember that syslogd does *not* create
+ log files, you need to create the file before syslogd will log
+ to it (ie: touch /var/log/sudo).
+ Note: the facility (e.g. "auth.debug") must be separated from the
+ destination (e.g. "/var/log/auth" or "@loghost") by
tabs, *not* spaces. This is a common error.
Q) When sudo asks me for my password it never accepts what I enter even
A) Someone else is currently editing the sudoers file with visudo.
Q) When I try to use "cd" with sudo it says "cd: command not found".
-A) "cd" is a shell builtin, you can't run it as a command since
- a child process (sudo) cannot affect the current working directory
- of the parent (your shell).
+A) "cd" is a shell built-in command, you can't run it as a command
+ since a child process (sudo) cannot affect the current working
+ directory of the parent (your shell).
Q) When I try to use "cd" with sudo the command completes without
errors but nothing happens.
-A) Some SVR4-derived OS's include a /usr/bin/cd command for reasons
- unfathomable. A "cd" command is totally useless since a child process
- cannot affect the current working directory of the parent (your shell).
-
-Q) When I run sudo it says I am not alllowed to run the command as root
+A) Even though "cd" is a shell built-in command, some operating systems
+ include a /usr/bin/cd command for some reason. A standalone
+ "cd" command is totally useless since a child process (cd) cannot
+ affect the current working directory of the parent (your shell).
+ Thus, "sudo cd /foo" will start a child process, change the
+ directory and immediately exit without doing anything useful.
+
+Q) When I run sudo it says I am not allowed to run the command as root
but I don't want to run it as root, I want to run it as another user.
My sudoers file entry looks like:
bob ALL=(oracle) ALL
Defaults:bob runas_default=oracle
would achieve the desired result ofr the preceding sudoers fragment.
+Q) When I try to run sudo via ssh, I get the error:
+ sudo: no tty present and no askpass program specified
+A) ssh does not allocate a tty by default when running a remote command.
+ Without a tty, sudo cannot disable echo when prompting for a password.
+ You can use ssh's "-t" option to force it to allocate a tty.
+ Alternately, if you do not mind your password being echoed to the
+ screen, you can use the "visiblepw" sudoers option to allow this.
+
Q) How do you pronounce `sudo'?
-A) soo-doo (for superuser do).
+A) The official pronunciation is soo-doo (for su "do"). However, an
+ alternate pronunciation, a homophone of "pseudo", is also common.
projects / debian / sudo / blobdiff