sudo log file

Matthew Hannigan mlh at
Mon Aug 26 10:23:49 EDT 2002

David Brock wrote:
> Hope somebody can help,
> After allowing a user to run as root whats  to stop him/her doing things as
> root and then deleting the log file resulting in no audit trail.
> I tried this myself and I was able to remove the  /var/log/sudo.log    file
> where my default logging is done. Any work around would be greatly
> appreciated.

There's nothing at all to stop them if you
give them shell or equivalent.(1).

There's two modes to using sudo;

1. one as a convenience so you don't have to
remember root passwords, and to provide a log
amongst relatively trusting admins.

2. Where you don't trust the user of
sudo, you have to be extremely careful in exactly
what you put in sudoers.  This typically involves
writing wrappers for every single command.

(1)  and the list of equivalents is surprisingly

More information about the sudo-users mailing list