8/8/2019 sudo installation

1/5

Introduction

Sudo (Super User Do) is a very useful program that allows a system administrator to givecertain users the ability to run some (or all) commands as root

[Edit section ] Steps

1. Download the source code:

The source of sudo is available from http://www.courtesan.com/sudo/ . At the time of writing, the latest version is V1.6.3 and the source code is provided as a compressed tar archive in the file sudo-1.6.3.tar.gz . Download this file to a temporary directory, suchas /tmp.

2. Prepare the source code for compilation:

Log in as root, make a directory at a convenient point in the file system to hold the sourcecode and copy the source into this directory. For example:

1. mkdir -p /opt/source/sudo2. cd /opt/source/sudo3. cp /tmp/sudo-1.6.3.tar.gz .

Unzip and untar the source and then change to the directory created by tar:

1. gunzip sudo

2. tar xvf sudo3. cd sudo-1.6.3

At this point, you may like to have a look at the README, INSTALL and FAQ files.

3. Compile the source code and install sudo:

Configure the compilation process for your system:

1. ./configure

Compile the source code:

1. make

And install the compiled code:

http://wiki.ittoolbox.com/index.php?title=Install_and_configure_sudo_in_AIX&action=edit&section=2http://www.courtesan.com/sudo/http://wiki.ittoolbox.com/index.php?title=Install_and_configure_sudo_in_AIX&action=edit&section=2http://www.courtesan.com/sudo/

8/8/2019 sudo installation

2/5

1. make install

This install the sudo program into /usr/local/bin, the visudo script (see later) into/usr/local/sbin and the manual page into subdirectories of /usr/local/man.

4. Modify the search path:

If you haven't already done so for other software, you now need to modify the search paths so that the system can find the sudo program and its manual pages. If you'rerunning the CDE windowing system, this is done by editing the file /.dtprofile and addingthe following lines (if they aren't already there) to the end of this file:

PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/ccs/binMANPATH=$MANPATH:/usr/man/:/usr/local/man

It's advisable to log out and log in again at this point to activate these changes. Make sure

that the system can find the sudo program:

1. sudo -V

(that's an upper case "V") and that you can display the manual pages:

1. man sudo2. man visudo3. man sudoers

5. Configure sudo:

sudo is controlled by its configuration file /etc/sudoers. The program has a rich selectionof configuration options and you may like to read the man page for sudoers and examinethe sample configuration file which you'll find in sample.sudoers in the source codedirectory.

The instructions below describe how to create an sudoers file which allows any user torun the /dialup and /hangup scripts defined in Configuring PPP on Solaris to connect toan ISP and allows a particular user to run any command as root.

One potential difficulty is that the /etc/sudoers file must be edited using the visudo program and not directly in your editor of choice. visudo uses the "vi" editor and thismeans that you need at least a basic understanding of how to use this editor. If you aren'talready familiar with vi, you'll have to learn it sooner or later so now's a good time tostart! But don't worry if you've never used it before - I'll include enough instruction hereto enable you to edit the short file created by the installation process and append a coupleof lines to it.

8/8/2019 sudo installation

3/5

8/8/2019 sudo installation

4/5

followed by ENTER. If you make a mistake at any time, just press the ESCAPE keyfollowed by:

q!

followed by ENTER and vi will return you to the shell command prompt without makingany changes to the file.

6. Using sudo:

sudo is simple to use. To execute a command with root privilege, type:

$ sudo name-of-command

If this is the first time you've used sudo since logging in, sudo will ask for your password.The password required at this point is the user's own password, not the root password. So,

if you've logged in as user jane and she wants to start a dialup connection to her ISP, shewould type:

1. sudo /dialup

and sudo responds:

We trust you have received the usual lecture from the local System

Administrator. It usually boils down to these two things:

1. 1) Respect the privacy of others.2. 2) Think before you type.

Password:

Jane would then type her password and sudo will run the /dialup script for her with root privilege. If further commands are executed using sudo within 5 minutes, it will not ask for a password again.

But if Jane were to try and execute a command without having the necessary permission(as defined in the /etc/sudoers file), sudo will refuse to run it:

$ sudo vi /etc/passwd

Sorry, user jane is not allowed to execute "/usr/bin/vi /etc/passwd" as root on sunbeam.

In this example, sunbeam is the name of the machine.

8/8/2019 sudo installation

5/5

If you'd prefer not to have to type a password at all, replace the two lines in /etc/sudoerswith:

ALL NOPASSWD: ALL=/dialup,/hangup mike ALL=(root) NOPASSWD: ALL