[sudo-users] Does NOT result in the creation of sudo IO log directories by user name in /var/log/sudo-io as described in the sudoers manual
Simon K
k_simon78 at yahoo.com
Fri Sep 28 07:32:29 EDT 2012
________________________________
Hi All ,
Machine : HP-UX
Architecture : 11.31
Sudo Version : 1.7.10b1
I
have compiled and installed Sudo version 1.7.10b1 on HP-UX machine and have observed the following behaviors that I believe
are NOT in keeping with the design of the tool:
setting
the following in sudoers:
Defaults
iolog_dir=/var/log/sudo-io/%{user}
does
NOT result in the creation of sudo IO log directories by user name in
/var/log/sudo-io as described in the sudoers manual found here: http://www.gratisoft.us/sudo/man/1.8.6/sudoers.man.html
iolog_dir
The
top-level directory to use when constructing the path name for the input/output
log directory. Only used if the log_input or log_output options are enabled or when
the LOG_INPUT or LOG_OUTPUT tags are present for a command. The session
sequence number, if any, is stored in the directory. The default is
/var/log/sudo-io.
The
following percent (‘%’) escape sequences are supported:
...
%{user}
expanded
to the invoking user's login name
...
As
an example, if a user with the username smitty su's to another username via
sudo with the above setting configured in sudoers, sudo should create a
directory (if it doesn't exist) of /var/log/sudo-io/smitty. The only
thing that gets created in the /var/log/sudo-io directory is a directory called
%{user}. If the directory already exists, I would expect sudo would write
log information to it. The current Sudo implementation does NOT appear
to do either of these things, so I'm wondering if this is a result of some
missing configuration on my part, or if this is an actual known problem with
the Sudo product? Is there some non-standard setting I need to make
somewhere that will enable this to work properly?
Please help , waiting for the response.
Thanks & Regards,
Simon K
More information about the sudo-users
mailing list