sudo log file

Matthew Hannigan mlh at zip.com.au
Mon Aug 26 10:23:49 EDT 2002


David Brock wrote:
> Hope somebody can help,
> After allowing a user to run as root, what's to stop him/her doing things as
> root and then deleting the log file, resulting in no audit trail?
> I tried this myself and I was able to remove the /var/log/sudo.log file
> where my default logging is done. Any workaround would be greatly
> appreciated.

There's nothing at all to stop them if you
give them shell or equivalent (1).

There are two modes to using sudo:

1. One as a convenience so you don't have to
remember root passwords, and to provide a log
amongst relatively trusting admins.

2. Where you don't trust the user of
sudo, you have to be extremely careful in exactly
what you put in sudoers.  This typically involves
writing wrappers for every single command.


Regards,
Matt
(1) And the list of equivalents is surprisingly
large.
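
One shape the per-command wrapper described in the reply can take, as an added example that is not part of the original post: a root-owned script that is the only command listed for the user in sudoers and that accepts exactly one service name from a fixed list. The script name, the `operator` user, the service list and the `/etc/init.d` path are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned, mode 0755, as /usr/local/sbin/restart-svc.
# Assumed sudoers entry (the only one for this user):
#   operator ALL = (root) /usr/local/sbin/restart-svc
# With no argument list in sudoers, sudo passes any arguments through,
# so the wrapper has to do all of the validation itself.

ALLOWED_SERVICES="httpd named"   # constructed allowlist

# Return 0 only if $1 is exactly one of the allowlisted names.
is_allowed_service() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # empty, or a character outside a-z 0-9 _ -
    esac
    for svc in $ALLOWED_SERVICES; do
        [ "$1" = "$svc" ] && return 0
    done
    return 1
}

# Validate the whole argument vector: 2 = wrong count, 3 = name not allowed.
check_args() {
    [ "$#" -eq 1 ] || return 2
    is_allowed_service "$1" || return 3
    return 0
}

main() {
    # Never rely on the caller's environment for command lookup or matching.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; LC_ALL=C
    export PATH LC_ALL
    rc=0
    check_args "$@" || rc=$?
    if [ "$rc" -ne 0 ]; then
        logger -p auth.warning -t restart-svc "rejected from ${SUDO_USER:-unknown}: $*"
        echo "usage: restart-svc {$ALLOWED_SERVICES}" >&2
        exit "$rc"
    fi
    logger -p auth.notice -t restart-svc "${SUDO_USER:-unknown} restarting $1"
    # Fixed absolute path and fixed verb; the caller supplies only the vetted name.
    exec /etc/init.d/"$1" restart
}

# Run only when installed under the wrapper's own name.
case "${0##*/}" in
    restart-svc) main "$@" ;;
esac
```

The wrapper is only as tight as what it executes: each allowlisted init script must itself be root-owned and not writable by the sudo user.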




