Sudo on OpenBSD, DragonFlyBSD and NetBSD
My FOSDEM talk in the BSD devroom showcased what is new in sudo and syslog-ng and explained how to install or compile the software yourself on FreeBSD. I am a long-time FreeBSD user: I started with version 1.0 in 1994. But soon after my talk I was asked what I know about the other BSDs. I knew that all BSDs have sudo in their ports system, but had no idea what shape those ports were in.
For this blog I installed OpenBSD, DragonFlyBSD and NetBSD to check the syslog-ng and sudo packages. The situation for sudo is a lot better than with syslog-ng, but there is still some room for improvement.
Installation of sudo on OpenBSD is easy and it installs the latest version:
openbsd68# pkg_add sudo
quirks-3.441 signed on 2021-02-17T11:25:54Z
Ambiguous: choose package for sudo
a 0: <None>
1: sudo-1.9.5.2p0
2: sudo-1.9.5.2p0-gettext
3: sudo-1.9.5.2p0-gettext-ldap
Your choice: 1
sudo-1.9.5.2p0: ok
The following new rcscripts were installed: /etc/rc.d/sudo_logsrvd
See rcctl(8) for details.
As you can see, there are a number of different builds to choose from. And not only that, you can also install Python support for sudo:
openbsd68# pkg_add sudo-python
My favorite sudo feature is also enabled by default: insults, which means that OpenBSD appreciates sysadmin humor :-)
The default configuration is quite restrictive: only root can use sudo. Luckily, enabling the wheel group is just a visudo away. The sample configuration has many useful examples in comments, where you only need to remove the # sign from the beginning of the line.
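As an added example (not from the original post or the sudo project), this script performs the uncomment step on a scratch copy of a sudoers file and checks which %wheel rules end up active. The sample file contents, the function names and the policy of rejecting an active NOPASSWD rule are assumptions of this example; on a real system make the edit with visudo, which checks the syntax before saving.

```shell
#!/bin/sh
# Added example: inspect and enable the %wheel rule in a scratch sudoers copy.

# Print one line per %wheel rule: "<active|commented> <passwd|nopasswd> <line>"
wheel_rules() {
    awk '/^[ \t]*#?[ \t]*%wheel[ \t]/ {
        state = ($0 ~ /^[ \t]*#/) ? "commented" : "active"
        pw = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
        print state, pw, NR
    }' "$1"
}

# Remove the leading "#" from the password-prompting %wheel rule only.
enable_wheel() {
    awk '/^#[ \t]*%wheel[ \t]/ && !/NOPASSWD:/ { sub(/^#[ \t]*/, "") }
         { print }' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Succeed only if wheel is active with a password prompt and no active
# NOPASSWD rule exists (policy chosen for this example).
wheel_ok() {
    rules=$(wheel_rules "$1")
    echo "$rules" | grep -q '^active passwd ' || return 1
    echo "$rules" | grep -q '^active nopasswd ' && return 1
    return 0
}

# Constructed sample, modelled on commented examples in a sample sudoers file.
make_sample() {
    cat > "$1" <<'EOF'
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

f=$(mktemp)
make_sample "$f"
echo "before:"; wheel_rules "$f"   # both rules commented: only root can use sudo
enable_wheel "$f"
echo "after:";  wheel_rules "$f"
wheel_ok "$f" && echo "wheel enabled, password required"
rm -f "$f"
```
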
Many years ago DragonFlyBSD started its life as a fork of FreeBSD. While they took a different route from FreeBSD, they also stayed close. DragonFlyBSD ports build on FreeBSD ports, though there are some additional applications and other minor differences. As I learned, they do a monthly sync of the FreeBSD ports tree. As a result, the first time I installed sudo it was still at version 1.9.3, while FreeBSD ports and packages had 1.9.5p2 (which has some important security fixes). Now they have the latest sudo version as well:
dragon# pkg install sudo
Updating Avalon repository catalogue...
Fetching meta.conf: 100% 246 B 0.3kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 433.9kB/s 00:14
Processing entries: 100%
Avalon repository update completed. 29168 packages processed.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
sudo: 1.9.5p2 [Avalon]
Number of packages to be installed: 1
The process will require 4 MiB more space.
963 KiB to be downloaded.
Proceed with this action? [y/N]: y
[1/1] Fetching sudo-1.9.5p2.txz: 100% 963 KiB 246.4kB/s 00:04
Checking integrity... done (0 conflicting)
[1/1] Installing sudo-1.9.5p2...
[1/1] Extracting sudo-1.9.5p2: 100%
As it comes from FreeBSD, the binary package has the same minimalist and politically correct configuration as the FreeBSD package I described in my blog a month ago: Sudo on FreeBSD. And just as on FreeBSD, you need to compile sudo yourself if you want insults, LDAP or Python support.
Installation of sudo is just as easy on NetBSD as on the other BSD variants:
pkgin install sudo
I omitted the output here, as it is a bit more verbose. Just as on FreeBSD and DragonFlyBSD, if you want advanced sudo features you need to compile sudo yourself. The bad news is that even if you compile sudo yourself, there is no option in the Makefile to enable insults. Obviously, if the lack of insults is the worst problem you have, then things are still pretty good :-)