sudo-users digest, Vol 1 #253 - 1 msg

Matthew Hannigan mlh at zip.com.au
Thu Nov 1 13:29:10 EST 2001 

That's a common sudo misunderstanding.
There should be something in the FAQ for it.


bruno.gallant at ps.ge.com wrote:
> 
> Hello,
> 
> You indirectly answered my question.  I was under the impression that an
> authorized user doing a sudo -s would have all the subsequent commands in
> that shell logged.
> 
> So I misunderstood how the logging works, and now that I use it properly,
> everything looks normal.
> 
> thanks Alek and Dana!
> 
> -----Original Message-----
> From: Alek O. Komarnitsky (N-CSC) [mailto:alek at ast.lmco.com]
> Sent: 31 octobre, 2001 15:36
> To: Gallant, Bruno (PS, Contractor, Hydro); sudo-users at courtesan.com
> Subject: RE: sudo-users digest, Vol 1 #253 - 1 msg
> 
> Why bother using sudo if you are going to do "sudo tcsh"
> sudo logged the command ... after that, you are on your own!
> 
> You can restrict this from occurring if you specify
> a list of commands, but for sysadmins, you probably
> have to do an "ALL" ... and it's not practical to
> try to close all the "root shell" holes that exist.
> 
> So some simple education is probably in order;
> I've found three different types of admins on this issue:
>    1. The "really good" ones who would NEVER do an "sudo tcsh"
>       or other type of monkey business because we WANT what we
>       do to be logged (typo's and all).
> 
>    2. The "newbie" Sysadmins - if one of the above admins tells
>       them never to do "sudo tcsh" (or sudo su -), then that's
>       good enough for them. Start these folks with good habits!   ;-)
> 
>    3. The "I've been around a while and I know this stuff, so I'll
>       just do what I damn well please" Sysadmins ... for these people,
>       I'd take away the root password and restrict them to a command set
>       until they get with the program. Yep, that's MUCH easier said than
> done!
>       Note that these people probably don't like sudo in the first place;
>       "I've also done a `su -` so what's wrong with that?!?"
> 
> BTW, I would also STRONGLY discourage group accounts (sysadmin in
> the example below?) from having unrestricted sudo access, this
> somewhat defeats the purpose of personal accountability.
> 
> alek
> 
> > From: bruno.gallant at ps.ge.com
> > Subject: RE: sudo-users digest, Vol 1 #253 - 1 msg
> > To: sudo-users at courtesan.com
> >
> >
> > I tried that, but same thing, when logging in, it gives a line like:
> >
> > Oct 31 15:16:12 : sysadmin : TTY=ttyq0 ; PWD=/root ; USER=root ;
> > COMMAND=/bin/tcsh
> >
> > but no further commands, even if I vi files, cd everywhere, etc.
> >
> > thanks for your help!
> >
> > -----Original Message-----
> > From: Dana Kaempen [mailto:decay at flash.net]
> > Sent: 31 octobre, 2001 14:31
> > To: sudo-users at courtesan.com
> > Subject: Re: sudo-users digest, Vol 1 #253 - 1 msg
> >
> >
> > Bruno asked:
> > > I just installed sudo, and trying it out.  When a user logs with it, an
> > > entry log is sent to the syslog file of the configured syslog host, but
> no
> > > commands entered by the user is sent.
> > You need a line like the following in /etc/sudoers to log user commands:
> > Defaults       logfile=/var/adm/sudo.log
> >
> > Also, you *may* need to create the file by typing this to create a blank
> > file:
> > >/var/adm/sudo.log
> >
> > Works like a charm
> > --
> > ..d..ecay
> >
> > mailto:decay at flash.net
> ____________________________________________________________
> sudo-users mailing list <sudo-users at courtesan.com>
> For list information, options, or to unsubscribe, visit:
> http://www.courtesan.com/mailman/listinfo/sudo-users

More information about the sudo-users mailing list