[sudo-users] I need help with sudoers..

Singh, Radesh (GTS) Radesh_Singh at ml.com
Thu Jan 22 12:46:59 EST 2009 

If you were using sudoshell, you'd just add the ability for your users
to run the sudoshell command or ss command to your sudoers file.

For instance, say you've got:

Cmnd_Alias SUDO_ROOT = /usr/bin/sudoshell -u root

You could have:

%groupname|username ALL=(root) NOPASSWD: SUDO_ROOT

With that, your user would be able to run sudoshell as root, and it
would log everything.
In Solaris 10, I see it the logs being written to /var/log/sudoscript.

Thanks,

Shawn Singh
NJUNIX/GWM UNIX
(904) 218-4096

- My name ain't chump, it's <insert_name_here>


-----Original Message-----
From: Manjunatha, Jamuna [mailto:Jamuna.Manjunatha at ironmountain.com] 
Sent: Thursday, January 22, 2009 12:41 PM
To: Singh, Radesh (GTS); sudo-users at sudo.ws
Subject: RE: [sudo-users] I need help with sudoers..

I am not sure I understand.

What changes I need to make in the /etc/sudoers file??

Please let me know..

Thanks

-----Original Message-----
From: Singh, Radesh (GTS) [mailto:Radesh_Singh at ml.com] 
Sent: Thursday, January 22, 2009 12:39 PM
To: Manjunatha, Jamuna; sudo-users at sudo.ws
Subject: RE: [sudo-users] I need help with sudoers..

I don't know if this is good for your purposes, but sudoshell works
nicely for recording everything that is typed.

Shawn Singh
NJUNIX/GWM UNIX
(904) 218-4096

- My name ain't chump, it's <insert_name_here>


-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Manjunatha,
Jamuna
Sent: Wednesday, January 21, 2009 12:06 PM
To: sudo-users at sudo.ws
Subject: [sudo-users] I need help with sudoers..
Importance: High

Hi all,

 

I am trying to setup a sudo..

 

Your website helped me a lot..

 

Now I want to see the sudoers activity in the logs:

 

1)       first a user logs in

2)       He types "sudo bash" & gets sudo privileges

3)       Then he creates a directory under /root

4)       Then he deletes it

 

My question is How can make EVERY entry from the user gets logged into
/var/log/sudolog

 

Right now only the first two steps get logged in /var/log/sudolog but I
want ALL the activity like deleting a file, creating a file, etc.

 

Please help...

 

Thanks so much in advance.

 

Jamuna

 



The information contained in this email message and its attachments
is intended
only for the private and confidential use of the recipient(s) named
above, unless the sender expressly agrees otherwise. Transmission
of email over the Internet
 is not a secure communications medium. If you are requesting or
have requested
the transmittal of personal data, as defined in applicable privacy
laws by means
 of email or in an attachment to email you must select a more
secure alternate means of transmittal that supports your
obligations to protect such personal data. If the reader of this
message is not the intended recipient and/or you have received this
email in error, you must take no action based on the information in
this email and you are hereby notified that any dissemination,
misuse, copying, or disclosure of this communication is strictly
prohibited. If you have received
this communication in error, please notify us immediately by email
and delete the original message.
____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users

------------------------------------------------------------------------
--
This message w/attachments (message) may be privileged, confidential or
proprietary, and if you are not an intended recipient, please notify the
sender, do not use or share it and delete it. Unless specifically
indicated, this message is not an offer to sell or a solicitation of any
investment products or other financial product or service, an official
confirmation of any transaction, or an official statement of Merrill
Lynch. Subject to applicable law, Merrill Lynch may monitor, review and
retain e-communications (EC) traveling through its networks/systems. The
laws of the country of each sender/recipient may impact the handling of
EC, and EC may be archived, supervised and produced in countries other
than the country in which you are located. This message cannot be
guaranteed to be secure or error-free. References to "Merrill Lynch" are
references to any company in the Merrill Lynch & Co., Inc. group of
companies, which are wholly-owned by Bank of America Corporation.
Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank
Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a
Condition to Any Banking Service or Activity * Are Not Insured by Any
Federal Government Agency. Attachments that are part of this
E-communication may have additional important disclosures and
disclaimers, which you should read. This message is subject to terms
available at the following link:
http://www.ml.com/e-communications_terms/. By messaging with Merrill
Lynch you consent to the foregoing.
------------------------------------------------------------------------
--

More information about the sudo-users mailing list