sudoscriptd/sudoshell

hbo at egbok.com
Mon Mar 25 18:23:22 EST 2002


I have users who refuse to give up root because we won't let them run shells
with sudo. Our concern is for the audit trail, of course. I thought about
it a little, and came up with a pair of Perl scripts. The first opens a fifo
and hangs around waiting for someone to write to it. The second runs script
with the fifo as the output file. Together they provide an imperfect but
perhaps effective solution to the problem.

The scripts are called 'sudoscriptd' and 'sudoshell'. They are available at
http://www.egbok.com/sudoscript. I'm hoping some on this list may find them
useful, and that some of them may provide feedback on the design and
implementation. The sudoshell script currently restricts itself to running
on Solaris and Linux. This is due to the variable syntax of the script command
on these platforms. Also, the Solaris code assumes that gzip is on the path.
This is true for Solaris 8, but not earlier versions.

The idea of using script came from Alex Griffiths. Thanks, dag!


--
Howard Owen                      "Even if you are on the right
EGBOK Consultants                 track, you'll get run over if you
hbo at egbok.com    +1-650-339-5733  just sit there." - Will Rogers
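
The FIFO arrangement described in the message above, as an added shell sketch that is not part of the original post and is not the sudoscript code. The function names, file names and the timestamp format are assumptions, and a constructed transcript stands in for script(1) so the example runs without a terminal.

```shell
# Added illustration of a FIFO-backed session log; all names are hypothetical.

# Logger side: create the FIFO, then copy whatever arrives into the log,
# prefixing each line with a UTC timestamp. Ends when the writer closes.
start_logger() {
    fifo=$1
    log=$2
    # Mode 600: only the owner may open the FIFO (assumed policy).
    mkfifo -m 600 "$fifo" || return 1
    (
        while IFS= read -r line; do
            printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line"
        done < "$fifo" >> "$log"
    ) &
    LOGGER_PID=$!
}

# Session side: send the session output to the FIFO.
# An interactive session would run script(1) here, for example with
# util-linux on Linux:   script -q -f "$fifo"
# The lines below are a constructed transcript used as a stand-in.
run_session() {
    fifo=$1
    printf '%s\n' '# id' 'uid=0(root) gid=0(root)' '# exit' > "$fifo"
}

# Wire both sides together in a scratch directory and print the log.
audit_demo() {
    dir=$(mktemp -d) || return 1
    start_logger "$dir/session.fifo" "$dir/session.log" || return 1
    run_session "$dir/session.fifo"
    wait "$LOGGER_PID"          # logger exits at end-of-file on the FIFO
    cat "$dir/session.log"
    rm -rf "$dir"
}
```

Calling `audit_demo` prints the three transcript lines, each with the timestamp added by the logger process rather than by the session.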


