[sudo-users] Overriding default options defined in LDAP

en_ferro at tiscali.it en_ferro at tiscali.it
Wed Feb 27 11:29:03 EST 2008


First of all, thanks to everybody who contributed to sudo. We are using sudo 
1.6.9p12 + LDAP on different platforms with success (HP-UX, Solaris and Linux), but I have 
just discovered a strange behaviour regarding /etc/sudoers.

A default value for the parameter logfile was defined in the LDAP, so all systems should 
use the same file to trace the sudo activities. Unfortunately the path chosen for the log is 
not ok for Linux (/var/adm/sudo.log). So I forced a more Linux-compliant path using 
/etc/sudoers with:

Defaults        logfile=/var/log/sudo.log

This should work fine, because the options in /etc/sudoers override the ones present in 
the LDAP. Unfortunately the /var/log/sudo.log log is updated only if the user types a wrong 
command (not authorized), while if an authorized command is run, sudo tries to update the 
wrong logfile defined in the LDAP server.

So it seems that the /etc/sudoers is not always read.

For this reason a mail is sent to root every time a command is run, reporting that
the log specified is wrong:

lxi11 : Feb 27 16:05:16 2008 : opcmac : Can't open log file: /var/adm/sudo.log: No such file or directory


thanks in advance,
best regards,
