summaryrefslogtreecommitdiff
path: root/usr.bin/sudo/TROUBLESHOOTING
blob: 06ce25c84445c91eae0ea92f3d7498abab162215 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
FAQ and troubleshooting tips for Sudo
=====================================

Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
   and sudo quits.
A) Sudo must be setuid root to do its work.  You need to do something like
   `chmod 4111 /usr/local/bin/sudo'.  Also, the filesystem sudo resides
   on must *not* be mounted with the nosuid mount option or sudo will
   not be able to work.  Another possibility is you may have '.' in
   your $PATH before the directory containing sudo.  If you are going
   to have '.' in your path you should make sure it is at the end.

Q) Sudo is setup to log via syslog(3) but I'm not getting any log
   messages.
A) Make sure you have an entry in your syslog.conf file to save
   the sudo messages (see the sample.syslog.conf file).  The default
   log facility is local2 (changeable via configure).  Don't forget
   to send a SIGHUP to your syslogd so that it re-reads its conf file.
   Also, remember that syslogd does *not* create log files, you need to
   create the file before syslogd will log to it (ie: touch /var/log/sudo).
   Note:  the facility ("local2.debug") must be separated from the 
	  destination ("/var/adm/sudo.log" or "@loghost") by
	  tabs, *not* spaces.  This is a common error.

Q) When sudo asks me for my password it never accepts what I enter even
   though I know I entered my password correctly.
A) If your system uses shadow passwords, it is possible that sudo
   didn't detect this.  Take a look at the generated config.h file
   and verify that the C function used for shadow password lookups
   was detected.  For instance, for SVR4-style shadow passwords,
   HAVE_GETSPNAM should be defined (you can search for the string
   "shadow passwords" in config.h with your editor).  Note that
   there is no define for 4.4BSD-based shadow passwords since that
   just uses the standard getpw* routines.

Q) I don't want the sudoers file in /etc, how can I specify where it
   should go?
A) Use the --sysconfdir option to configure.  Ie:
   configure --sysconfdir=/dir/you/want/sudoers/in

Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a
   copy on each machine?
A) There is no support for making an NIS/NIS+ map/table out of
   the sudoers file at this time.  A good way to distribute the
   sudoers file is via rdist(1).  It is also possible to NFS-mount
   the sudoers file.

Q) I don't run sendmail on my machine.  Does this mean that I cannot
   use sudo?
A) No, you just need to run use the --without-sendmail argument to configure
   or add "!mailerpath" to the Defaults line in /etc/sudoers.

Q) When I run visudo it uses vi as the editor and I hate vi.  How
   can I make it use another editor?
A) Your best bet is to run configure with the --with-env-editor switch.
   This will make visudo use the editor specified by the user's
   EDITOR environment variable.  Alternately, you can run configure
   with the --with-editor=/path/to/another/editor.

Q) Sudo appears to be removing some variables from my environment, why?
A) Sudo removes the following "dangerous" environment variables
   to guard against shared library spoofing, shell voodoo, and
   kerberos server spoofing.
     IFS
     LOCALDOMAIN
     RES_OPTIONS
     HOSTALIASES
     ENV
     BASH_ENV
     LD_*
     _RLD_*
     SHLIB_PATH (HP-UX only)
     LIB_PATH (AIX only)
     KRB_CONF (kerb4 only)
     KRB5_CONFIG (kerb5 only)

Q) How can I keep sudo from asking for a password?
A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD'
   tag right before the command list in sudoers.  See the sudoers man page
   and sample.sudoers for details.  To disable passwords completely,
   run configure with the --without-passwd option or add "!authenticate"
   to the Defaults line in /etc/sudoers.  You can also turn off authentication
   on a per-user or per-host basis using a user or host-specific Defaults
   entry in sudoers.

Q) When I run configure, it dies with the following error:
   "no acceptable cc found in $PATH".
A) /usr/ucb/cc was the only C compiler that configure could find.
   You need to tell configure the path to the "real" C compiler
   via the --with-CC option.  On Solaris, the path is probably
   something like "/opt/SUNWspro/SC4.0/bin/cc".  If you have gcc
   that will also work.

Q) When I run configure, it dies with the following error:
   Fatal Error: config.cache exists from another platform!
   Please remove it and re-run configure.
A) configure caches the results of its tests in a file called
   config.cache to make re-running configure speedy.  However,
   if you are building sudo for a different platform the results
   in config.cache will be wrong so you need to remove config.cache.
   You can do this by "rm config.cache" or "make realclean".
   Note that "make realclean" will also remove any object files
   and configure temp files that are laying around as well.

Q) I built sudo on a Solaris >= 2.6 machine but the resulting binary
   doesn't work on Solaris <= 2.5.1.  Why?
A) Starting with Solaris 2.6, snprintf(3) is included in the standard
   C library.  To build a version of sudo on a >= 2.6 machine that
   will run on a <= 2.5.1 machine, edit config.h and comment out the lines:
	#define HAVE_SNPRINTF 1
	#define HAVE_VSNPRINTF 1
   and run make.

Q) When I run "visudo" it says "sudoers file busy, try again later."
   and doesn't do anything.
A) Someone else is currently editing the sudoers file with visudo.

Q) When I try to use "cd" with sudo it says "cd: command not found".
A) "cd" is a shell builtin, you can't run it as a command since
   a child process (sudo) cannot affect the current working directory
   of the parent (your shell).

Q) When I try to use "cd" with sudo the command completes without
   errors but nothing happens.
A) Some SVR4-derived OS's include a /usr/bin/cd command for reasons
   unfathomable.  A "cd" command is totally useless since a child process
   cannot affect the current working directory of the parent (your shell).

Q) How do you pronounce `sudo'?
A) soo-doo (for superuser do).