[sudo-users] troubleshooting with logs

Fabrice Schuler fabrice.schuler at ferma.fr
Tue Jul 19 12:05:18 EDT 2005


I am currently running sudo 1.6.8p5 on solaris 5.7, and I have 
troubleshootings analyzing the logs.

My problem is on the field TTY :
For most of users, it corresponds to their TTY, which is what I want - 
it's OK then.

But I have problems wih a daemon calling sudo. This daemon has no tty.

On the first times (I would say for a couple of weeks), the TTY logged 
in sudo logs was "console"
My problem is that this tty is reserved for the console, and, according 
to all the documentation I could find on the web, it is not possible to 
attach a process to this tty if not logged on the console (which is not 
the case - I am certain of that)...
I agree this may not come from sudo, but if somebody ever had the same 
problem, or may know where it comes from or what I did for this to 
happen, I prefer to ask.

For the moment, the tty logged is "unknown". Is it correct for a daemon 
to be logged with this TTY (I guess so, but as I said, I could not find 
any documentation about this) ?

Sample from the logfile :

Jul 19 16:48:12 2005 : user1 : HOST=machine : TTY=unknown ; 
PWD=/var/opt/directory/cores/ftc ; USER=user2 ; COMMAND=/bin/ksh -c . 
/export/home/user2/.profile >/dev/null 2>&1 ; export/home/user2/tata.ksh 
 >/dev/null 2>&1 ; /opt/directory/sbin/ftcreport 1795193362 3 751458 
tata $? >/dev/null 2>&1 >/dev/null 2>&1

Last question : could anybody tell me exactly when the TTY field will be 
set to "unknown" in the logs ?

Thanks in advance, hopping my questions were clear enough to obtain an 

More information about the sudo-users mailing list