[sudo-users] Warning email when listing sudo perms
Paul Cantle
paul at cantle.me
Tue Dec 1 19:30:34 MST 2015
Hi all,
According to the sudoers manual (man 5 sudoers), it says the following:
Note that mail will not be sent if an unauthorized user tries to run sudo with the -l or -v option. This allows users to determine for themselves whether or not they are allowed to use sudo.
In my environment, sudoers is only read from LDAP via SSSD (controlled with /etc/nsswitch.conf). So the local file of /etc/sudoers is never referenced. To that end, non-LDAP users are unable to run sudo (this is perfect for me). However, on occasion, I require root (which is obviously a local user) to run “sudo -l -U <user>” to see what perms, etc. that <user> has.
Even though the command is returned successfully, I still get a warning email as per the below:
Hostname.domain : Dec 2 02:25:55 : root : TTY=pts/1 ; PWD=/some/directory ; USER=root ; COMMAND=list
As far as the man page is concerned (certainly for using /etc/sudoers), this shouldn’t be happening. I figure, even with LDAP, this should be the case also.
Can anyone shed any light or let me know how I can stop the emails? I’ve tried multiple sudoOptions within the sudo container for the root user with zero results. Or if this is indeed a bug (if LDAP should work the same), then please let me know.
System details below:
Sudo version 1.8.6p7
O/S CentOS 7
SSSD version 1.12.2
Thanks
Paul