- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Secure OS Software for Linux
- >
- What SUDO Special Features to Compile in
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2011 07:40 AM
тАО01-17-2011 07:40 AM
Got a big sudo project coming up and I'm just starting to read the material. One of the first decisions is to decide what arguments to include during the compilation. Question: Anybody have procedure that they have followed in their environment with explanations? Especially to any MUST HAVE / DON'T FORGET TO ADD THIS IN / features?
I've attached the Installation instructions beginning at the Special Features section.
9 - 10 point for every answer mostly guaranteed.
Links to Installing Sudo for Dummies also greatly appreciated.
Solved! Go to Solution.
- Tags:
- sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2011 02:45 AM
тАО01-18-2011 02:45 AM
SolutionIf some compiled-in default is not sufficient, you can tailor it to your requirements with run-time configuration in the overwhelming majority of cases.
For most Linux distributions, there is generally no need to compile sudo at all unless you have special configuration requirements: a pre-compiled, standard sudo package is available in most Linux distributions. Modern distributions often have cryptographic signatures and checksums embedded in their packages, so using the standard version might actually make it easier to verify your system is running the correct version of sudo.
(Installing Sudo for Dummies: if you don't have special requirements, get a pre-packaged version and use the standard package tools of the OS to install it.)
But if you have e.g. an administrative requirement to *always* prompt for a password when using sudo, you could tweak the defaults to match your site policy when compiling your own, using "--with-timeout=0". You should still have the equivalent run-time configuration line
Defaults timestamp_timeout=0
included in your sudoers file, just in case someone later replaces your custom sudo with a default version provided by your OS distribution/vendor.
If you have a requirement for one-time passwords (SKey, NRL OPIE, SecurID), then remember to include the appropriate support options: these might not be included automatically.
Read the description and use your judgement with --disable-root-mailer.
The "noexec" functionality can be very useful when setting up a system for tightly-regulated sudo use. But it's about the newest (= least proven) major part of sudo, so I understand if someone prefers to disable it.
All the other utilities in most modern systems will expect all programs to use PAM for authentication requirements, so sudo should use PAM too unless there is a specific reason to do otherwise.
The LDAP and Kerberos compile-time options should be chosen according to your requirements. If you're sure you won't be centralizing your sudoers configuration with LDAP or using Kerberos, disabling those parts at the compilation time minimizes the amount of security-critical code.
The rest of compile-time-only options are pretty much dependent on the environment you're planning to compile and use sudo in.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2011 07:57 AM
тАО01-18-2011 07:57 AM
Re: What SUDO Special Features to Compile in
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2011 11:37 AM
тАО01-18-2011 11:37 AM
Re: What SUDO Special Features to Compile in
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2011 12:09 PM
тАО01-18-2011 12:09 PM
Re: What SUDO Special Features to Compile in
> would you compile or add in to sudo?
Probably the ones which I expected to use.
"Got a big sudo project" didn't seem to me to
be a very detailed description of the actual
requirements.
If I couldn't identify any special needs now,
then I'd probably use a default/standard kit
until I ran into a case where I needed some
special feature which needed the extra effort
to get enabled.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-21-2011 06:02 PM
тАО01-21-2011 06:02 PM