[sudo-users] Deny all command on /var/log/sudolog

Jordi Espasa Clofent jespasac at minibofh.org
Wed Aug 5 03:49:47 EDT 2009

Hi list,

I've a LDAP+sudo working like a charm.  The sudo configuration of Ivan 
user is:

# sudo -l
User ivan may run the following commands on this host:

LDAP Role: hosting_sat

I want to deny all possible operation on /var/log/sudolog. I've tried 
(withou success) the next combination/syntax:

	!ALL /var/log/sudolog
	* /var/log/sudo/log

Even I've tried to modify the



/usr/bin* !/var/log/sudolog

¿How to do it?

Jordi Espasa Clofent

More information about the sudo-users mailing list