fi ; \
cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \
sh ./config.status --file=Makefile.binary && cp Makefile.binary $$tdir/Makefile ; \
- strip $$tdir/sudo ; \
- strip $$tdir/visudo ; \
cd tmp.$$ARCH && tar Ocf ../sudo-$(VERSION)-$$ARCH.tar sudo-$(VERSION) && cd .. ; \
- gzip --best sudo-$(VERSION)-$$ARCH.tar ; \
+ gzip -f --best sudo-$(VERSION)-$$ARCH.tar ; \
rm -rf tmp.$$ARCH ; \
)
+
+ depot:
+ ( \
+ tdir=tmp.depot ; \
+ mkdir $$tdir ; \
+ for i in sudo visudo sudo.man visudo.man sudoers.man sudoers ChangeLog HISTORY LICENSE README TROUBLESHOOTING UPGRADE sample.syslog.conf sample.sudoers; do \
+ if [ -f $$i ]; then \
+ cp $$i $$tdir ; \
+ elif [ -f $(srcdir)/$$i ]; then \
+ cp $(srcdir)/$$i $$tdir ; \
+ else \
+ echo cannot find $$i ; \
+ exit 1 ; \
+ fi ; \
+ done ; \
+ if [ -f sudo_noexec.la ]; then \
+ cp libtool $$tdir ; \
+ $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la `pwd`/$$tdir ; \
+ fi ; \
+ sed 's/@VERSION@/$(VERSION)/g' <$(srcdir)/sudo.psf >$$tdir/sudo.psf ; \
+ printf '#!/sbin/sh\nrm -f /usr/local/bin/sudoedit\nln /usr/local/bin/sudo /usr/local/bin/sudoedit\n' > $$tdir/sudo-exec.postinstall ; \
+ printf '#!/sbin/sh\nrm -f /usr/local/man/man1m/sudoedit.1m\nln /usr/local/man/man1m/sudo.1m /usr/local/man/man1m/sudoedit.1m\n' > $$tdir/sudo-man.postinstall ; \
+ printf '#!/sbin/sh\nif [ ! -s /etc/sudoers ]; then\n\techo installing /usr/local/doc/sudo/sudoers as /etc/sudoers\n\techo use /usr/local/sbin/visudo to configure sudo\n\tcp /usr/local/doc/sudo/sudoers /etc/sudoers\n\tchmod 440 /etc/sudoers\n\tchown root:root /etc/sudoers\nfi\n' > $$tdir/sudo-config.postinstall ; \
+ chmod 755 $$tdir/sudo-exec.postinstall $$tdir/sudo-man.postinstall $$tdir/sudo-config.postinstall ; \
+ strip $$tdir/sudo ; \
+ strip $$tdir/visudo ; \
+ cd $$tdir ; \
+ swpackage -x target_type=tape -d ../sudo-$(VERSION).depot -s sudo.psf ; \
+ cd .. ; \
+ gzip -f --best sudo-$(VERSION).depot; \
+ rm -rf tmp.depot ; \
+ )
+
+ .PHONY: ChangeLog
sudoedit /etc/printcap, /usr/oper/bin/
# joe may su only to operator
-joe ALL = /usr/bin/su operator
+joe ALL = /bin/su operator
# pete may change passwords for anyone but root on the hp snakes
- pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+ pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
=over 16
-=item always_set_home
+=item mail_badpass
- Send mail to the I<mailto> user if the user running B<sudo> does not
- enter the correct password. This flag is I<off> by default.
-
- =item mail_no_host
-
- If set, mail will be sent to the I<mailto> user if the invoking
- user exists in the I<sudoers> file, but is not allowed to run
- commands on the current host. This flag is I<@mail_no_host@> by default.
-
- =item mail_no_perms
-
- If set, mail will be sent to the I<mailto> user if the invoking
- user is allowed to use B<sudo> but the command they are trying is not
- listed in their I<sudoers> file entry or is explicitly denied.
- This flag is I<@mail_no_perms@> by default.
-
- =item mail_no_user
-
- If set, mail will be sent to the I<mailto> user if the invoking
- user is not in the I<sudoers> file. This flag is I<@mail_no_user@>
- by default.
-
- =item noexec
-
- If set, all commands run via B<sudo> will behave as if the C<NOEXEC>
- tag has been set, unless overridden by a C<EXEC> tag. See the
- description of I<NOEXEC and EXEC> below as well as the L<PREVENTING SHELL
- ESCAPES> section at the end of this manual. This flag is I<off> by default.
+ If set, B<sudo> will set the C<HOME> environment variable to the home
+ directory of the target user (which is root unless the B<-u> option is used).
+ This effectively means that the B<-H> option is always implied.
+ This flag is I<off> by default.
=item authenticate
.PP
There is a hard-coded list of editors that \fBvisudo\fR will use set
at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
-\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on
-your system, as determined by the \fIconfigure\fR script. Normally,
-\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
+\&\f(CW\*(C`Default\*(C'\fR variable.
+On Debian systems, this list defaults to /usr/bin/editor, which is meant to
+be a system-wide default editor chosen through the alternatives system.
+Normally, \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or
+\f(CW\*(C`EDITOR\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors
list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR
- flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
+ option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
Note that this can be a security hole since it allows the user to
execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.