sudo logging

Dana Kaempen decay at
Thu Jan 11 09:53:51 EST 2001

Joe wrote:
> I have a logfile setup, and I can tell when an authorized user executes a
> sudo -s, but once they have the shell, the log doesn't log any commands. In
> other words, I can see if a user ran the shell, but I can't see what was
> done while they had the shell.

sudo is doing exactly what it should - it's logging the command that was executed. sudo wasn't designed to give you a step-by-step trace of the user's activity, should you allow the user to run a shell via sudo. If you want to know what a user did, you could try to set something up to archive their shell history. Remember that sudo is command oriented - it's made to allow users to run a specific set of commands as one or more different users.


"Keep the wheels rolling." - Anonymous traffic prophet
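
An added example, not part of the original post or of sudo itself: a Python check over sudo log entries that lists the invocations that were bare shells, which are the points after which the log records nothing further. The sample lines are constructed, and the shell list and the one-entry-per-line layout are assumptions.

```python
import os
import re

# Shell names are an assumption; extend to match the shells installed locally.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}

# Body of a sudo log entry, in syslog or sudo-logfile form (one entry per line).
# "note" is set for rejected attempts, e.g. "command not allowed".
ENTRY = re.compile(
    r"(?:^|\s)(?P<user>[^\s:]+) : (?P<note>[^;=]+ ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"(?:\w+=.*? ; )*COMMAND=(?P<command>.+)$"
)

def shell_sessions(lines):
    """Return (user, runas, tty, shell) for each logged bare-shell invocation."""
    found = []
    for line in lines:
        m = ENTRY.search(line.rstrip("\n"))
        if not m or m.group("note"):  # not a sudo entry, or a denied attempt
            continue
        argv = m.group("command").split()
        # A bare shell (no arguments) is interactive: sudo logs only this line.
        # "sudo -s cmd" is logged as "<shell> -c cmd", so that command is kept.
        if len(argv) == 1 and os.path.basename(argv[0]) in SHELLS:
            found.append((m.group("user"), m.group("runas"),
                          m.group("tty"), argv[0]))
    return found

# Constructed sample entries (not taken from a real system).
SAMPLE = [
    "Jan 11 09:40:12 : joe : TTY=pts/1 ; PWD=/home/joe ; USER=root ; COMMAND=/bin/bash",
    "Jan 11 09:41:03 : joe : TTY=pts/1 ; PWD=/home/joe ; USER=root ; COMMAND=/usr/bin/id",
    "Jan 11 09:42:30 host1 sudo:    amy : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c /usr/bin/id",
    "Jan 11 09:43:10 host1 sudo:    bob : command not allowed ; TTY=pts/3 ; PWD=/ ; USER=root ; COMMAND=/bin/sh",
    "Jan 11 09:44:55 host1 sudo:    amy : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh",
]

if __name__ == "__main__":
    for user, runas, tty, shell in shell_sessions(SAMPLE):
        print(f"{user} opened {shell} as {runas} on {tty}: no further sudo log entries")
```
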

More information about the sudo-users mailing list