Re: Réf._:_how_to_determine_a_proper_sudo_file_contents

john ctr kelly john.ctr.kelly at
Thu Jan 24 10:57:47 EST 2002


     Thanks for your suggestion.  Still somewhat confused as to how to set
up the access to allow this user access to everything.
would something like this
Cmnd_Alias      TESTING   = /*

be the best or is there another better way?



----- Original Message -----
From: <steve.bernier at>
To: "John CTR Kelly" <John_CTR_Kelly_at_AWAATO200-OPSNET2 at>
Cc: <sudo-users at>
Sent: Thursday, January 24, 2002 4:46 AM
Subject: Réf._:_how_to_determine_a_proper_sudo_file_contents

You can add the "logfile" for this user:

Defaults:your_user_id  logfile=/var/adm/sudo.log

I prefer to have long line (no line wrap):

Defaults        loglinelen=0

Change "your_user_id" with the user id of the developper, and the sudo.log
can be anywhere.

In fact in our configuration, we log everything, from every user:

Defaults logfile=/var/adm/sudo.log

Steve Bernier
Équipe UNIX / Direction Traitement Distribué
Le Groupe CGI
Tél: (514) 281-2393
Fax: (514) 285-3405
Internet: steve.bernier at

"john ctr kelly" <john.ctr.kelly at> on 2002-01-24 09:38:43

Envoyé par :   sudo-users-admin at

Pour :    <sudo-users at>
cc :
Objet :   how to determine a proper sudo file contents

Is there a way to allow a user to execute anything and then record what he
is doing so one can set up a proper sudo file.
The developer is taking on a new task and is not sure what he needs access
to.  Since he needs to move rapidly, we dont want to tie his hands by having
him have problems then make a change, test.

    Thanks in advance,

sudo-users mailing list <sudo-users at>
For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list