Diffstat
-rw-r--r-- debian/README 21
-rw-r--r-- debian/README.Debian 56
2 files changed, 77 insertions, 0 deletions
diff --git a/debian/README b/debian/README
new file mode 100644
index 0000000..b5ed892
--- /dev/null
+++ b/debian/README
@@ -0,0 +1,21 @@
+#
+# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
+# installation of the package now includes the directive:
+#
+# #includedir /etc/sudoers.d
+#
+# This will cause sudo to read and parse any files in the /etc/sudoers.d
+# directory that do not end in '~' or contain a '.' character.
+#
+# Note that there must be at least one file in the sudoers.d directory (this
+# one will do), and all files in this directory should be mode 0440.
+#
+# Note also, that because sudoers contents can vary widely, no attempt is
+# made to add this directive to existing sudoers files on upgrade. Feel free
+# to add the above directive to the end of your /etc/sudoers file to enable
+# this functionality for existing installations if you wish!
+#
+# Finally, please note that using the visudo command is the recommended way
+# to update sudoers content, since it protects against many failure modes.
+# See the man page for visudo for more information.
+#
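Review bot: The `# #includedir /etc/sudoers.d` line sits in a block where every line starts with `#`, so a reader can easily take the directive's own leading `#` for a comment marker and add `includedir /etc/sudoers.d` without it. Please add a sentence stating that the `#` is part of the directive. Separately, the text says all files in the directory should be mode 0440 and that this file "will do" as the required one, but the file is added to the tree as mode 100644; the packaging step that installs it into /etc/sudoers.d needs to set 0440 explicitly, and it would help to say so here or in the commit message.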
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..413d529
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,56 @@
+The version of sudo that ships with Debian by default resets the
+environment, as described by the "env_reset" flag in the sudoers file.
+
+This implies that all environment variables are removed, except for
+LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, XAPPLRESDIR,
+XFILESEARCHPATH, XUSERFILESEARCHPATH, LANG, LANGUAGE, LC_*, and USER.
+
+In case you want sudo to preserve more environment variables, you must
+specify the env_keep variable in the sudoers file. You should edit the
+sudoers file using the visudo tool.
+
+Examples:
+Preserve the default variables plus the EDITOR variable:
+
+ Defaults env_keep+="EDITOR"
+
+Preserve the default variables plus all variables starting with LC_:
+
+ Defaults env_keep+="LC_*"
+
+ - - - - -
+
+If you're using the sudo-ldap package, note that it is now configured to
+look for /etc/sudo-ldap.conf. Depending on your system configuration, it
+probably makes sense for this to be a symlink to /etc/ldap.conf, or perhaps
+to /etc/libnss-ldap.conf or /etc/pam_ldap.conf. By default, no symlink or
+file is provided, you'll need to decide what to do and create a suitable
+file before sudo-ldap will work.
+
+ - - - - -
+
+As of version 1.7, sudo-ldap now requires the LDAP source to be specified
+in /etc/nsswitch.conf with a line like:
+
+ sudoers: ldap
+
+ - - - - -
+
+Note that the support for the sss provider (libsss_sudo.so) that allows sudo
+to use SSSD as a cache for policies stored in LDAP is included in the sudo
+package, not in the sudo-ldap package. I have some hope that this turns out
+to be a better overall solution for using sudo with LDAP, as the sudo-ldap
+package is difficult to maintain and I'd love to be able to eliminate it!
+
+ - - - - -
+
+See the file OPTIONS in this directory for more information on the sudo
+build options used in building the Debian package.
+
+ - - - - -
+
+If you're having trouble grasping the fundamental idea of what sudo is all
+about, here's a succinct and humorous take on it...
+
+ http://www.xkcd.com/c149.html
+
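Review bot: The second example, `Defaults env_keep+="LC_*"`, preserves nothing new, because the list at the top of this file already names `LC_*` among the variables kept under env_reset. Replace it with a variable that is not in that list so the example actually demonstrates widening env_keep, and consider a sentence reminding readers that every variable added to env_keep is passed through to the command run with elevated privileges. Minor style point in the sudo-ldap paragraph: "no symlink or file is provided, you'll need to decide" is a comma splice; a semicolon or a new sentence reads better.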