After I finish a talk on sudo at a conference, I usually receive quite a few questions. Many of the answers I gave earlier were already included in the latest version of my sudo talk. The following is a collection of questions and answers from different conferences.
Right now the insult messages are hard-coded. There are plans to use an external file for them, but obviously this change is not high on the TODO list.
Local settings are not cached when you store your configuration in LDAP. This means that sudo will not work in this case.
Right now there is no support for storing session recordings centrally. You can mount remote directories and store recordings there, but that still gives write access to the local machine and thus recordings can be deleted by a user. The upcoming 1.9 version of sudo will feature a Recording Service, where sudo can stream sessions in real-time.
The short answer is: No. The list of commands, hosts, users and so on is site specific. But it is not really difficult to create those hashes even from the Bash command line. For example, to generate digests for all applications in the /usr/sbin directory and allow user “peter” to run them on any host, you can use the following one-liner:
for i in /usr/sbin/* ; do echo "peter ALL = sha224:$(sha224sum "$i")" ; done
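A more defensive form of the one-liner above, as an added example rather than code from the original post: it emits rules only for regular executable files and reports everything it skips. The function name gen_digest_rules, the choice to skip symbolic links, and the allowlist of path characters are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit digest-pinned sudoers rules for the files in one directory.
# Usage: gen_digest_rules USER DIR [ALGO]   (ALGO: sha224, sha256, sha384, sha512)
gen_digest_rules() {
    user=$1 dir=$2 algo=${3:-sha224}
    case $algo in
        sha224|sha256|sha384|sha512) ;;
        *) echo "unsupported digest: $algo" >&2; return 2 ;;
    esac
    for f in "$dir"/*; do
        # Only regular, executable files. Symbolic links are skipped (an
        # assumption of this example) so each rule names the file that was hashed.
        [ -f "$f" ] && [ ! -L "$f" ] && [ -x "$f" ] || continue
        # Assumption: paths containing anything outside this allowlist are
        # reported and skipped instead of being escaped for sudoers.
        case $f in
            *[!A-Za-z0-9_./+-]*) echo "skipped: $f" >&2; continue ;;
        esac
        # The *sum tools print "<digest>  <path>"; keep only the digest.
        digest=$("${algo}sum" "$f") || return 1
        digest=${digest%% *}
        printf '%s ALL = %s:%s %s\n' "$user" "$algo" "$digest" "$f"
    done
}
```

Redirect the output to a file and check it with `visudo -cf` before including it in the live configuration.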
No, sudo is not a single file but a group of applications and configuration files. On the other hand, on any modern hardware you can bring up a virtual machine in a matter of minutes and you have a clean environment ready for testing a different version of sudo.
Actually there are quite a lot: database servers, mailing list servers, printing services and many others run under their own user names and expect at least some commands to be executed under these user names.
- If you use one of the more popular Linux distributions or UNIX variants, there is a good chance that a pre-compiled binary already exists for it on the sudo website.
- If your system is not listed there then you should compile sudo yourself.
- If sudo is packaged for your system, you might be able to re-use that for an updated package. Or simply compile sudo from source. Instructions for building from source are included in the source code.