sudo-users digest, Vol 1 #253 - 1 msg
Matthew Hannigan
mlh at zip.com.au
Thu Nov 1 13:29:10 EST 2001
That's a common sudo misunderstanding.
There should be something in the FAQ for it.
bruno.gallant at ps.ge.com wrote:
>
> Hello,
>
> You indirectly answered my question. I was under the impression that an
> authorized user doing a sudo -s would have all the subsequent commands in
> that shell logged.
>
> So I misunderstood how the logging works, and now that I use it properly,
> everything looks normal.
>
> thanks Alek and Dana!
>
> -----Original Message-----
> From: Alek O. Komarnitsky (N-CSC) [mailto:alek at ast.lmco.com]
> Sent: 31 octobre, 2001 15:36
> To: Gallant, Bruno (PS, Contractor, Hydro); sudo-users at courtesan.com
> Subject: RE: sudo-users digest, Vol 1 #253 - 1 msg
>
> Why bother using sudo if you are going to do "sudo tcsh"?
> sudo logged the command ... after that, you are on your own!
>
> You can restrict this from occurring if you specify
> a list of commands, but for sysadmins, you probably
> have to do an "ALL" ... and it's not practical to
> try to close all the "root shell" holes that exist.
>
> So some simple education is probably in order;
> I've found three different types of admins on this issue:
> 1. The "really good" ones who would NEVER do a "sudo tcsh"
> or other type of monkey business because we WANT what we
> do to be logged (typos and all).
>
> 2. The "newbie" Sysadmins - if one of the above admins tells
> them never to do "sudo tcsh" (or sudo su -), then that's
> good enough for them. Start these folks with good habits! ;-)
>
> 3. The "I've been around a while and I know this stuff, so I'll
> just do what I damn well please" Sysadmins ... for these people,
> I'd take away the root password and restrict them to a command set
> until they get with the program. Yep, that's MUCH easier said than
> done!
> Note that these people probably don't like sudo in the first place;
> "I've also done a `su -` so what's wrong with that?!?"
>
> BTW, I would also STRONGLY discourage group accounts (sysadmin in
> the example below?) from having unrestricted sudo access, this
> somewhat defeats the purpose of personal accountability.
>
> alek
>
> > From: bruno.gallant at ps.ge.com
> > Subject: RE: sudo-users digest, Vol 1 #253 - 1 msg
> > To: sudo-users at courtesan.com
> >
> >
> > I tried that, but same thing, when logging in, it gives a line like:
> >
> > Oct 31 15:16:12 : sysadmin : TTY=ttyq0 ; PWD=/root ; USER=root ;
> > COMMAND=/bin/tcsh
> >
> > but no further commands, even if I vi files, cd everywhere, etc.
> >
> > thanks for your help!
> >
> > -----Original Message-----
> > From: Dana Kaempen [mailto:decay at flash.net]
> > Sent: 31 octobre, 2001 14:31
> > To: sudo-users at courtesan.com
> > Subject: Re: sudo-users digest, Vol 1 #253 - 1 msg
> >
> >
> > Bruno asked:
> > > I just installed sudo, and trying it out. When a user logs with it, an
> > > entry log is sent to the syslog file of the configured syslog host, but
> > > no commands entered by the user is sent.
> > You need a line like the following in /etc/sudoers to log user commands:
> >
> >     Defaults logfile=/var/adm/sudo.log
> >
> > Also, you *may* need to create the file by typing this to create a blank
> > file:
> >
> >     >/var/adm/sudo.log
> >
> > Works like a charm
> > --
> > ..d..ecay
> >
> > mailto:decay at flash.net
> ____________________________________________________________
> sudo-users mailing list <sudo-users at courtesan.com>
> For list information, options, or to unsubscribe, visit:
> http://www.courtesan.com/mailman/listinfo/sudo-users
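The following is an added example, not part of the thread or of sudo itself: a small audit script that reads a sudo logfile in the layout Bruno quoted and lists the entries where the logged COMMAND is a shell or su, i.e. the sessions after which nothing else was recorded. The shell list, the sample entries and the assumption that wrapped entries continue on indented lines are illustrative.

```python
import os
import re

# Programs that give an interactive shell; illustrative list, not exhaustive.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "su"}

ENTRY = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) : (?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.*)$"
)

def join_wrapped(lines):
    """Rejoin entries wrapped onto indented continuation lines (assumed layout)."""
    entry = ""
    for line in lines:
        if line[:1].isspace() and entry:
            entry += " " + line.strip()
            continue
        if entry:
            yield entry
        entry = line.strip()
    if entry:
        yield entry

def unlogged_shells(lines):
    """Return parsed entries whose COMMAND is a shell or su."""
    hits = []
    for entry in join_wrapped(lines):
        m = ENTRY.match(entry)
        if not m:
            continue  # not in the layout shown in the thread; skip it
        argv = m.group("command").split()
        if argv and os.path.basename(argv[0]) in SHELLS:
            hits.append(m.groupdict())
    return hits

# Constructed sample; the first entry is the one quoted in the thread.
SAMPLE = """\
Oct 31 15:16:12 : sysadmin : TTY=ttyq0 ; PWD=/root ; USER=root ;
    COMMAND=/bin/tcsh
Oct 31 15:20:41 : alice : TTY=ttyq1 ; PWD=/home/alice ; USER=root ;
    COMMAND=/usr/bin/vi /etc/hosts
Oct 31 15:22:03 : bob : TTY=ttyq2 ; PWD=/home/bob ; USER=root ;
    COMMAND=/bin/su -
""".splitlines()

for hit in unlogged_shells(SAMPLE):
    print(hit["when"], hit["user"], hit["tty"], hit["command"])
```

A report like this only shows who started a root shell and when; what was typed inside that shell is not in the log, which is the point made in the thread.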