[sudo-users] Overriding default options in defined in LDAP
en_ferro at tiscali.it
en_ferro at tiscali.it
Wed Feb 27 11:29:03 EST 2008
Hello,
first of all, thanks to everybody contributed to sudo. We are using with using sudo
1.6.9p12 + LDAP in different platforms with success (HP-UX, Solaris and Linux), but I have
just discovered a strange behaviour about the /etc/sudoers.
A default value for the parameter logfile was defined in the LDAP, so all systems should
use the same file to trace the sudo activities. Unfortunately the path chosen for the log is
not ok for Linux (/var/adm/sudo.log). So I forced a more linux-compliant path using
/etc/sudoers with:
Defaults logfile=/var/log/sudo.log
This should works fine, because the options in /etc/sudoers overrides the ones present in
the LDAP. Unfortunately the /var/log/sudo.log log is updated only if the user types a wrong
command (not authorized), while if an authorized command is run, sudo tries to update the
wrong logfile defined in the LDAP server.
So it seems that the /etc/sudoers is not always read.
For this reason a mail is sent to root every time a command is run, reporting that
the log specified is wrong:
lxi11 : Feb 27 16:05:16 2008 : opcmac : Can't open log file: /var/adm/sudo.log: No such file or directory
Suggestions?
thanks in advance,
best regards,
________________________________________________________________________
Tutto Incluso: Telefono+Adsl a traffico illimitato a soli 4,95 Euro al mese fino al 28/02/2008.
http://abbonati.tiscali.it/promo/tuttoincluso/
More information about the sudo-users
mailing list