+++ /dev/null
-Notes on upgrading from an older release
-========================================
-
-o Upgrading from a version prior to 1.7.4:
-
- Starting with sudo 1.7.4, the time stamp files have moved from
- /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo.
- The directories are checked for existence in that order. This
- prevents users from receiving the sudo lecture every time the
- system reboots. Time stamp files older than the boot time are
- ignored on systems where it is possible to determine this.
-
- Additionally, the tty_tickets sudoers option is now enabled by
- default. To restore the old behavior (single time stamp per user),
- add a line like:
- Defaults !tty_tickets
- to sudoers or use the --without-tty-tickets configure option.
-
- The HOME and MAIL environment variables are now reset based on the
- target user's password database entry when the env_reset sudoers option
- is enabled (which is the case in the default configuration). Users
- wishing to preserve the original values should use a sudoers entry like:
- Defaults env_keep += HOME
- to preserve the old value of HOME and
- Defaults env_keep += MAIL
- to preserve the old value of MAIL.
-
- NOTE: preserving HOME has security implications since many programs
- use when searching for configuration files. Adding HOME to env_keep
- may enable a user to run unrestricted commands via sudo.
-
- The default syslog facility has changed from "local2" to "authpriv"
- (or "auth" if the operating system doesn't have "authpriv").
- The --with-logfac configure option can be used to change this
- or it can be changed in the sudoers file.
-
-o Upgrading from a version prior to 1.7.0:
-
- Starting with sudo 1.7.0, comments in the sudoers file must not
- have a digit or minus sign immediately after the comment character
- ('#'). Otherwise, the comment may be interpreted as a user or
- group ID.
-
- When sudo is build with LDAP support the /etc/nsswitch.conf file is
- now used to determine the sudoers seach order. sudo will default to
- only using /etc/sudoers unless /etc/nsswitch.conf says otherwise.
- This can be changed with an nsswitch.conf line, e.g.:
- sudoers: ldap files
- Would case LDAP to be searched first, then the sudoers file.
- To restore the pre-1.7.0 behavior, run configure with the
- --with-nsswitch=no flag.
-
- Sudo now ignores user .ldaprc files as well as system LDAP defaults.
- All LDAP configuration is now in /etc/ldap.conf (or whichever file
- was specified by configure's --with-ldap-conf-file option).
- If you are using TLS, you may now need to specify:
- tls_checkpeer no
- in sudo's ldap.conf unless ldap.conf references a valid certificate
- authority file(s).
-
- Please also see the NEWS file for a list of new features in
- sudo 1.7.0.
-
-o Upgrading from a version prior to 1.6.9:
-
- Starting with sudo 1.6.9, if an OS supports a modular authentication
- method such as PAM, it will be used by default by configure.
-
- Environment variable handling has changed significantly in sudo
- 1.6.9. Prior to version 1.6.9, sudo would preserve the user's
- environment, pruning out potentially dangerous variables.
- Beginning with sudo 1.6.9, the envionment is reset to a default
- set of values with only a small number of "safe" variables
- preserved. To preserve specific environment variables, add
- them to the "env_keep" list in sudoers. E.g.
-
- Defaults env_keep += "EDITOR"
-
- The old behavior can be restored by negating the "env_reset"
- option in sudoers. E.g.
-
- Defaults !env_reset
-
- There have also been changes to how the "env_keep" and
- "env_check" options behave.
-
- Prior to sudo 1.6.9, the TERM and PATH environment variables
- would always be preserved even if the env_keep option was
- redefined. That is no longer the case. Consequently, if
- env_keep is set with "=" and not simply appended to (i.e. using
- "+="), PATH and TERM must be explicitly included in the list
- of environment variables to keep. The LOGNAME, SHELL, USER,
- and USERNAME environment variables are still always set.
-
- Additionally, the env_check setting previously had no effect
- when env_reset was set (which is now on by default). Starting
- with sudo 1.6.9, environment variables listed in env_check are
- also preserved in the env_reset case, provided that they do not
- contain a '/' or '%' character. Note that it is not necessary
- to also list a variable in env_keep--having it in env_check is
- sufficent.
-
- The default lists of variables to be preserved and/or checked
- are displayed when sudo is run by root with the -V flag.
-
-o Upgrading from a version prior to 1.6.8:
-
- Prior to sudo 1.6.8, if /var/run did not exist, sudo would put
- the time stamp files in /tmp/.odus. As of sudo 1.6.8, the
- time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo
- if there is no /var/run directory. This directory will be
- created if it does not already exist.
-
- Previously, a sudoers entry that explicitly prohibited running
- a command as a certain user did not override a previous entry
- allowing the same command. This has been fixed in sudo 1.6.8
- such that the last match is now used (as it is documented).
- Hopefully no one was depending on the previous (buggy) beghavior.
-
-o Upgrading from a version prior to 1.6:
-
- As of sudo 1.6, parsing of runas entries and the NOPASSWD tag
- has changed. Prior to 1.6, a runas specifier applied only to
- a single command directly following it. Likewise, the NOPASSWD
- tag only allowed the command directly following it to be run
- without a password. Starting with sudo 1.6, both the runas
- specifier and the NOPASSWD tag are "sticky" for an entire
- command list. So, given the following line in sudo < 1.6
-
- millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls
-
- millert would be able to run /usr/bin/whoami as user daemon
- without a password and /bin/ls as root with a password.
-
- As of sudo 1.6, the same line now means that millert is able
- to run run both /usr/bin/whoami and /bin/ls as user daemon
- without a password. To expand on this, take the following
- example:
-
- millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \
- /sbin/dump
-
- millert can run /usr/bin/whoami as daemon and /bin/ls and
- /sbin/dump as root. No password need be given for either
- command. In other words, the "(root)" sets the default runas
- user to root for the rest of the list. If we wanted to require
- a password for /bin/ls and /sbin/dump the line could be written
- thusly:
-
- millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \
- (root) PASSWD:/bin/ls, /sbin/dump
-
- Additionally, sudo now uses a per-user time stamp directory
- instead of a time stamp file. This allows tty time stamps to
- simply be files within the user's time stamp dir. For the
- default, non-tty case, the time stamp on the directory itself
- is used.
-
- Also, the temporary file used by visudo is now /etc/sudoers.tmp
- since some versions of vipw on systems with shadow passwords use
- /etc/stmp for the temporary shadow file.
-
-o Upgrading from a version prior to 1.5:
-
- By default, sudo expects the sudoers file to be mode 0440 and
- to be owned by user and group 0. This differs from version 1.4
- and below which expected the sudoers file to be mode 0400 and
- to be owned by root. Doing a `make install' will set the sudoers
- file to the new mode and group. If sudo encounters a sudoers
- file with the old permissions it will attempt to update it to
- the new scheme. You cannot, however, use a sudoers file with
- the new permissions with an old sudo binary. It is suggested
- that if have a means of distributing sudo you distribute the
- new binaries first, then the new sudoers file (or you can leave
- sudoers as is and sudo will fix the permissions itself as long
- as sudoers is on a local file system).