sudo-users digest, Vol 1 #253 - 1 msg

bruno.gallant at
Wed Oct 31 16:15:10 EST 2001


You indirectly answered my question.  I was under the impression that an
authorized user doing a sudo -s would have all the subsequent commands in
that shell logged.

So I misunderstood how the logging works, and now that I use it properly,
everything looks normal.

Thanks Alek and Dana!

-----Original Message-----
From: Alek O. Komarnitsky (N-CSC) [mailto:alek at]
Sent: 31 octobre, 2001 15:36
To: Gallant, Bruno (PS, Contractor, Hydro); sudo-users at
Subject: RE: sudo-users digest, Vol 1 #253 - 1 msg

Why bother using sudo if you are going to do "sudo tcsh"?
sudo logged the command ... after that, you are on your own!

You can restrict this from occurring if you specify
a list of commands, but for sysadmins, you probably 
have to do an "ALL" ... and it's not practical to 
try to close all the "root shell" holes that exist.

So some simple education is probably in order;
I've found three different types of admins on this issue:
   1. The "really good" ones who would NEVER do a "sudo tcsh"
      or other type of monkey business because we WANT what we
      do to be logged (typos and all).

   2. The "newbie" Sysadmins - if one of the above admins tells
      them never to do "sudo tcsh" (or sudo su -), then that's
      good enough for them. Start these folks with good habits!   ;-)

   3. The "I've been around a while and I know this stuff, so I'll
      just do what I damn well please" Sysadmins ... for these people,
      I'd take away the root password and restrict them to a command set
      until they get with the program. Yep, that's MUCH easier said than
      Note that these people probably don't like sudo in the first place;
      "I've also done a `su -` so what's wrong with that?!?"

BTW, I would also STRONGLY discourage group accounts (sysadmin in
the example below?) from having unrestricted sudo access, this
somewhat defeats the purpose of personal accountability.


> From: bruno.gallant at
> Subject: RE: sudo-users digest, Vol 1 #253 - 1 msg
> To: sudo-users at
> I tried that, but same thing, when logging in, it gives a line like:
> Oct 31 15:16:12 : sysadmin : TTY=ttyq0 ; PWD=/root ; USER=root ;
> COMMAND=/bin/tcsh
> but no further commands, even if I vi files, cd everywhere, etc.
> thanks for your help!
> -----Original Message-----
> From: Dana Kaempen [mailto:decay at]
> Sent: 31 octobre, 2001 14:31
> To: sudo-users at
> Subject: Re: sudo-users digest, Vol 1 #253 - 1 msg
> Bruno asked:
> > I just installed sudo, and trying it out.  When a user logs with it, an
> > entry log is sent to the syslog file of the configured syslog host, but
> > commands entered by the user is sent.
> You need a line like the following in /etc/sudoers to log user commands:
> Defaults       logfile=/var/adm/sudo.log
> Also, you *may* need to create the file by typing this to create a blank
> file:
> >/var/adm/sudo.log
> Works like a charm
> -- 
> ..d..ecay
> mailto:decay at
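
Added example, not part of the original thread: since sudo records only the command it launched, a log review can at least flag the entries that opened a root shell, after which nothing further is logged. It parses the logfile format quoted above; the shell list, the sample entries other than the tcsh one, and the indented-continuation handling are assumptions.

```python
import os
import re

# Basenames treated as an interactive root shell (assumed list; extend per site).
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "su"}
ENTRY = re.compile(r"^(?P<when>\w{3}\s+\d+\s[\d:]+) : (?P<user>\S+) : (?P<rest>.*)$")

# Constructed sample; only the first entry (the wrapped tcsh line) is from the thread.
SAMPLE_LOG = """\
Oct 31 15:16:12 : sysadmin : TTY=ttyq0 ; PWD=/root ; USER=root ;
    COMMAND=/bin/tcsh
Oct 31 15:20:41 : alice : TTY=ttyq1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/hosts
Oct 31 15:22:03 : alice : TTY=ttyq1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Oct 31 15:25:10 : alice : TTY=ttyq1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c /usr/local/sbin/rotate
"""

def parse_entries(text):
    """Return one dict per log entry; indented lines are assumed to be continuations."""
    joined = []
    for line in text.splitlines():
        if line[:1].isspace() and joined:
            joined[-1] += " " + line.strip()
        elif line.strip():
            joined.append(line.rstrip())
    entries = []
    for line in joined:
        m = ENTRY.match(line)
        if not m:
            continue
        # COMMAND= is the last field and may contain " ; ", so split it off first.
        head, _, command = m["rest"].partition("COMMAND=")
        entry = {"when": m["when"], "user": m["user"], "COMMAND": command.strip()}
        for field in head.split(" ; "):
            key, sep, value = field.strip().partition("=")
            if sep:
                entry[key] = value
        entries.append(entry)
    return entries

def shell_escapes(text):
    """Return (when, user, command) for entries that open an unlogged root shell."""
    hits = []
    for e in parse_entries(text):
        cmd = e["COMMAND"].split()
        # A shell given -c has its command in the log; a bare shell or "su -" does not.
        is_shell = bool(cmd) and os.path.basename(cmd[0]) in SHELLS and "-c" not in cmd[1:]
        if is_shell and e.get("USER") == "root":
            hits.append((e["when"], e["user"], e["COMMAND"]))
    return hits
```

On the sample, shell_escapes(SAMPLE_LOG) returns the tcsh and "su -" entries and skips the vi and "sh -c" ones.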
