decay at flash.net
Thu Jan 11 09:53:51 EST 2001
> I have a logfile setup, and I can tell when an authorized user executes a
> sudo -s, but once they have the shell, the log doesn't log any commands. In
> other words, I can see if a user ran the shell, but I can't see what was
> done while they had the shell.
sudo is doing exactly what it should - it's logging the command that was executed. sudo wasn't designed to give you a step-by-step trace of the user's activity, should you allow the user to run a shell via sudo. If you want to know what a user did, you could try to set something up to archive their shell history. Remember that sudo is command oriented - it's made to allow users to run a specific set of commands as one or more different users.
mailto:decay at flash.net
"Keep the wheels rolling." - Anonymous traffic prophet
More information about the sudo-users