sudo-users digest, Vol 1 #263 - 4 msgs

Dana Kaempen decay at flash.net
Thu Dec 6 18:30:24 EST 2001


Todd C. Miller wrote:
> In recent versions of sudo you can do the following:
> 
> Defaults                logfile=/var/adm/sudo.log
> Defaults:john           logfile=/usr/local/log/sudo.john
> Defaults:jane           logfile=/usr/local/log/sudo.jane

Well, this does work as requested.  Perfectly.  But upon testing, it
became clear that I requested the wrong type of logging.  I'm actually
interested in logging by the sudo'd user, not the sudoer.  All the root
commands I still want logged to the default of /var/adm/sudo.log; but
for specific users that we sudo *into* I'd like to log to a different
file.  We may have multiple people su'g into the same couple of users. 
We want all the commands that su into a specific (non-root) user to end
up in a log file named for that specific user.  I asked the wrong
question yesterday - sorry about that.

Examples:

User      Command                    Desired logfile
====      =======                    ===============
john      sudo kill 9955             /var/adm/sudo.log
john      sudo -u produser job1      /usr/local/log/produser
jane      sudo -u tester job755      /usr/local/log/tester
jane      sudo qadm -D PrdLJ4        /var/adm/sudo.log

Can this be done?

Thanks again,
Dana
-- 
..d..ecay

mailto:decay at flash.net
------------------------
"Keep the wheels rolling." - Anonymous traffic prophet
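
The routing asked for in the table above, as an added example that is not part of the original message or of sudo itself: a Python script that splits an existing sudo logfile by its USER= (run-as) field into the desired per-target files. The log line layout, the sample entries and the full command paths are constructed assumptions.

```python
import re
from collections import defaultdict

DEFAULT_LOG = "/var/adm/sudo.log"
# Target (run-as) users that get their own file; paths taken from the table in the post.
PER_TARGET = {"produser": "/usr/local/log/produser",
              "tester": "/usr/local/log/tester"}

# Assumed layout: "date : invoker : TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
ENTRY = re.compile(r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) : (?P<invoker>\S+) : (?P<rest>.*)$")

def unwrap(lines):
    """Join wrapped continuation lines (leading whitespace) onto their entry."""
    entry = None
    for line in lines:
        line = line.rstrip("\n")
        if line[:1].isspace() and entry is not None:
            entry += " " + line.strip()
        else:
            if entry:
                yield entry
            entry = line
    if entry:
        yield entry

def route(lines):
    """Return {logfile path: [entries]} keyed by the USER= (run-as) field."""
    out = defaultdict(list)
    for entry in unwrap(lines):
        m = ENTRY.match(entry)
        if not m:
            out[DEFAULT_LOG].append(entry)  # keep unparsed lines; never drop audit data
            continue
        # COMMAND= comes last and may itself contain " ; ", so cut it off first.
        head, _, _cmd = m["rest"].partition("COMMAND=")
        fields = dict(f.strip().split("=", 1) for f in head.split(";") if "=" in f)
        target = fields.get("USER", "root")
        out[PER_TARGET.get(target, DEFAULT_LOG)].append(entry)
    return dict(out)

# Constructed sample entries mirroring the four rows of the table (one is line-wrapped).
SAMPLE = """\
Dec  6 18:30:24 : john : TTY=pts/1 ; PWD=/home/john ; USER=root ; COMMAND=/bin/kill 9955
Dec  6 18:31:02 : john : TTY=pts/1 ; PWD=/home/john ; USER=produser ;
    COMMAND=/usr/local/bin/job1
Dec  6 18:32:40 : jane : TTY=pts/2 ; PWD=/home/jane ; USER=tester ; COMMAND=/usr/local/bin/job755
Dec  6 18:33:15 : jane : TTY=pts/2 ; PWD=/home/jane ; USER=root ; COMMAND=/usr/bin/qadm -D PrdLJ4
""".splitlines()
```

Calling `route(SAMPLE)` returns a dict mapping each destination path to the entries that belong in it; entries that do not parse stay in the default log so nothing is lost from the audit trail.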




