[sudo-users] Logging a Mandatory Comment with Each Use of sudo

handrews at worldbank.org handrews at worldbank.org
Wed Sep 13 16:41:13 EDT 2006

My department is tightening up its auditing of the use of privileged accounts
accessed via sudo.  Management is concerned that application administrators can
so casually sudo into the administrative accounts without having to log some
kind of explanation of what they're up to.

Apologies in advance if this question has already been raised, but does sudo
have the capability to require an interactive user to enter some kind of message
upon successful authentication?  This message, maybe just a line of text
(supplied as a command line argument or on the standard input), would be written
to sudo's logs along with all of the other, usual logging information.

Or would enhanced logging functionality belong not in sudo itself but in some
other piece invoked by sudo?

Again, sorry if this subject is old hat.
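
Added example, not part of the original post and not a sudo feature: one way to realise the "other piece invoked by sudo" idea is a small wrapper that demands a reason (as an argument or on standard input) and writes it to syslog before running the command. The name sudo-reason, its path, the -m option, the 10-character minimum and the auth.notice priority are all assumptions.

```shell
#!/bin/sh
# sudo-reason (hypothetical name): run through sudo, e.g.
#   sudo /usr/local/sbin/sudo-reason -m "ticket 1234: restart app" /etc/init.d/app restart
MIN_LEN=10   # assumed policy: at least 10 non-blank characters

# Drop control characters (newlines included) so a reason cannot forge
# extra log lines, and swap double quotes so the quoted field stays intact.
sanitize_reason() {
    printf '%s' "$1" | tr -d '\001-\037\177' | tr '"' "'"
}

# True only when the sanitized reason meets the minimum length.
reason_ok() {
    r=$(sanitize_reason "$1" | tr -d ' ')
    [ "${#r}" -ge "$MIN_LEN" ]
}

# One audit line: invoking user (set by sudo), target account, reason, command.
audit_record() {
    reason=$(sanitize_reason "$1"); shift
    printf 'user=%s runas=%s reason="%s" command=%s' \
        "${SUDO_USER:-unknown}" "$(id -un)" "$reason" "$*"
}

main() {
    if [ "${1:-}" = "-m" ] && [ $# -ge 2 ]; then
        reason=$2; shift 2               # reason given on the command line
    else
        printf 'Reason for privileged access: ' >&2
        IFS= read -r reason || reason=   # reason read from standard input
    fi
    [ $# -ge 1 ] || { echo "usage: sudo-reason [-m reason] command [args...]" >&2; return 64; }
    reason_ok "$reason" || { echo "sudo-reason: explanation too short, refusing" >&2; return 1; }
    # Refuse to run the command if the audit line cannot be written.
    logger -p auth.notice -t sudo-reason -- "$(audit_record "$reason" "$@")" || return 1
    exec "$@"
}

# Run only when installed under its own name, so the functions can be sourced.
case "${0##*/}" in sudo-reason) main "$@" ;; esac
```

The comment is only mandatory if sudoers grants the wrapper rather than the underlying commands. With -m the reason also appears in sudo's own log entry, since sudo logs the full command line.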



