Introduction to Sudo

The Sudo package allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments.

This package is known to build and work properly using an LFS-8.3 platform.

Package Information

Sudo Dependencies


linux-pam, MIT Kerberos, openldap Postfix-3.3.1 (or an equivalent package that provides a sendmail command), AFS, FWTK, and Opie

User Notes:

Installation of Sudo

Install Sudo by running the following commands:

./configure --prefix=/usr              \
            --libexecdir=/usr/lib      \
            --with-secure-path         \
            --with-all-insults         \
            --with-env-editor          \
            --docdir=/usr/share/doc/sudo-1.8.25 \
            --with-passprompt="[sudo] password for %p: " &&

To test the results, issue: env LC_ALL=C make check 2>&1 | tee ../make-check.log. Check the results with grep failed ../make-check.log. One test, test3, is known to fail if the tests are run as the root user.

Now, as the root user:

make install &&
ln -sfv /usr/lib/sudo/

Command Explanations

--libexecdir=/usr/lib: This switch controls where private programs are installed. Everything in that directory is a library, so they belong under /usr/lib instead of /usr/libexec.

--with-secure-path: This switch transparently adds /sbin and /usr/sbin directories to the PATH environment variable.

--with-all-insults: This switch includes all the sudo insult sets.

--with-env-editor: This switch enables use of the environment variable EDITOR for visudo.

--with-passprompt: This switch sets the password prompt.

--without-pam: This switch avoids building Linux-PAM support when Linux-PAM is installed on the system.



There are many options to sudo's configure command. Check the configure --help output for a complete list.

ln -sfv libsudo_util...: Works around a bug in the installation process, which links to the previously installed version (if there is one) instead of the new one.

Configuring Sudo

Config File


Configuration Information

The sudoers file can be quite complicated. It is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The installation installs a default configuration that has no privileges installed for any user.

One example usage is to allow the system administrator to execute any program without typing a password each time root privileges are needed. This can be configured as:

# User alias specification
User_Alias  ADMIN = YourLoginId

# Allow people in group ADMIN to run all commands without a password

For details, see man sudoers.



The Sudo developers highly recommend using the visudo program to edit the sudoers file. This will provide basic sanity checking like syntax parsing and file permission to avoid some possible mistakes that could lead to a vulnerable configuration.

If PAM is installed on the system, Sudo is built with PAM support. In that case, issue the following command as the root user to create the PAM configuration file:

cat > /etc/pam.d/sudo << "EOF"
# Begin /etc/pam.d/sudo

# include the default auth settings
auth      include     system-auth

# include the default account settings
account   include     system-account

# Set default environment variables for the service user
session   required

# include system session defaults
session   include     system-session

# End /etc/pam.d/sudo
chmod 644 /etc/pam.d/sudo


Installed Programs: sudo, sudoedit (symlink), sudoreplay, and visudo
Installed Libraries:,,,, and
Installed Directories: /etc/sudoers.d, /usr/lib/sudo, /usr/share/doc/sudo-1.8.25, and /var/{lib,run}/sudo

Short Descriptions


executes a command as another user as permitted by the /etc/sudoers configuration file.


is a symlink to sudo that implies the -e option to invoke an editor as another user.


is used to play back or list the output logs created by sudo.


allows for safer editing of the sudoers file.

Last updated on 2018-09-23 10:33:20 -0700