sudoscriptd/sudoshell
hbo at egbok.com
Mon Mar 25 18:23:22 EST 2002
I have users who refuse to give up root because we won't let them run shells
with sudo. Our concern is for the audit trail, of course. I thought about
it a little, and came up with a pair of Perl scripts. The first opens a fifo
and hangs around waiting for someone to write to it. The second runs script
with the fifo as the output file. Together they provide an imperfect but
perhaps effective solution to the problem.

The scripts are called 'sudoscriptd' and 'sudoshell'. They are available at
http://www.egbok.com/sudoscript. I'm hoping some on this list may find them
useful, and that some of them may provide feedback on the design and
implementation. The sudoshell script currently restricts itself to running
on Solaris and Linux. This is due to the variable syntax of the script command
on these platforms. Also, the Solaris code assumes that gzip is on the path.
This is true for Solaris 8, but not earlier versions.

The idea of using script came from Alex Griffiths. Thanks, dag!
--
Howard Owen                        "Even if you are on the right
EGBOK Consultants                   track, you'll get run over if you
hbo at egbok.com +1-650-339-5733    just sit there." - Will Rogers
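
The fifo-plus-script design described in the message, sketched in Python as an added example; it is not the sudoscriptd/sudoshell Perl code. The function names, the ownership and mode check, the timestamp format and the util-linux `script` flags are assumptions made for illustration.

```python
import os, select, stat, subprocess, tempfile, threading, time

def open_audit_fifo(path):
    """Create/open the FIFO for reading; refuse anything but a private FIFO we own."""
    try:
        os.mkfifo(path, 0o600)
    except FileExistsError:
        pass
    rfd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW)
    st = os.fstat(rfd)  # check the opened object, not the name, to avoid a race
    if not stat.S_ISFIFO(st.st_mode) or st.st_uid != os.geteuid() or st.st_mode & 0o077:
        os.close(rfd)
        raise PermissionError(f"{path}: not a private FIFO owned by this user")
    # Hold a write end open so the reader never sees EOF when a session ends.
    keep = os.open(path, os.O_WRONLY)
    return rfd, keep

def log_sessions(rfd, log_path, stop):
    """Daemon side: append each complete line from the FIFO to log_path, timestamped."""
    buf = b""
    with open(log_path, "ab") as log:
        while not stop.is_set():
            if not select.select([rfd], [], [], 0.1)[0]:
                continue  # nothing written yet; re-check the stop flag
            buf += os.read(rfd, 4096)
            *lines, buf = buf.split(b"\n")  # keep any partial line for the next read
            stamp = time.strftime("%Y-%m-%dT%H:%M:%S").encode()
            for line in lines:
                log.write(stamp + b" " + line + b"\n")
            log.flush()

def run_logged_shell(fifo_path, shell="/bin/sh"):
    """User side: run a shell under script(1) with the FIFO as the output file.
    Assumes util-linux script (Linux); other platforms use a different syntax."""
    return subprocess.call(["script", "-q", "-f", "-c", shell, fifo_path])

if __name__ == "__main__":
    workdir = tempfile.mkdtemp()  # constructed demo location
    fifo, log = os.path.join(workdir, "audit.fifo"), os.path.join(workdir, "audit.log")
    rfd, keep = open_audit_fifo(fifo)
    stop = threading.Event()
    reader = threading.Thread(target=log_sessions, args=(rfd, log, stop))
    reader.start()
    run_logged_shell(fifo)  # interactive; exit the shell to finish
    time.sleep(0.5)         # let the reader drain the last output
    stop.set()
    reader.join()
    print("session log:", log)
```

The log is only as trustworthy as the separation between the logged user and the reader process, since a root shell can stop the reader or edit the log file.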