[sudo-users] I need help with sudoers..
Singh, Radesh (GTS)
Radesh_Singh at ml.com
Mon Jan 26 08:28:19 EST 2009
Guys, not sure what's preventing you from using sudoshell as a mechanism
of logging everything occurring while using sudo.
Maybe I'm missing what you were trying to do.
I understood your post to mean that you want to be able to have
comprehensive logging of everything occurring when a user is using sudo
to root. sudoshell will allow this for you.
Thanks,
Shawn Singh
NJUNIX/GWM UNIX
(904) 218-4096
- My name ain't chump, it's <insert_name_here>
From: Manjunatha, Jamuna [mailto:Jamuna.Manjunatha at ironmountain.com]
Sent: Sunday, January 25, 2009 12:22 PM
To: Pidugu Vijaya; Singh, Radesh (GTS); sudo-users at sudo.ws
Subject: RE: [sudo-users] I need help with sudoers..
Yes, agreed...
That is the only best option..
Thanks a lot!!!
________________________________
From: Pidugu Vijaya [mailto:Vijaya.Pidugu at sig.com]
Sent: Sun 1/25/2009 9:11 AM
To: Manjunatha, Jamuna; 'Radesh_Singh at ml.com'; 'sudo-users at sudo.ws'
Subject: Re: [sudo-users] I need help with sudoers..
You cannot do this. The only way to achieve this is by forcing the user
to use sudo in front of every command he or she needs to run as root.
For that you have to prevent the user from getting root shell which is
pretty easy!
----- Original Message -----
From: sudo-users-bounces at courtesan.com
<sudo-users-bounces at courtesan.com>
To: Singh, Radesh (GTS) <Radesh_Singh at ml.com>; sudo-users at sudo.ws
<sudo-users at sudo.ws>
Sent: Fri Jan 23 15:13:24 2009
Subject: Re: [sudo-users] I need help with sudoers..
I tried this, but I have linux so no luck...
Thanks so much!!
-----Original Message-----
From: Singh, Radesh (GTS) [mailto:Radesh_Singh at ml.com]
Sent: Thursday, January 22, 2009 12:47 PM
To: Manjunatha, Jamuna; sudo-users at sudo.ws
Subject: RE: [sudo-users] I need help with sudoers..
If you were using sudoshell, you'd just add the ability for your users
to run the sudoshell command or ss command to your sudoers file.
For instance, say you've got:
Cmnd_Alias SUDO_ROOT = /usr/bin/sudoshell -u root
You could have:
%groupname|username ALL=(root) NOPASSWD: SUDO_ROOT
With that, your user would be able to run sudoshell as root, and it
would log everything.
In Solaris 10, I see it the logs being written to /var/log/sudoscript.
Thanks,
Shawn Singh
NJUNIX/GWM UNIX
(904) 218-4096
- My name ain't chump, it's <insert_name_here>
-----Original Message-----
From: Manjunatha, Jamuna [mailto:Jamuna.Manjunatha at ironmountain.com]
Sent: Thursday, January 22, 2009 12:41 PM
To: Singh, Radesh (GTS); sudo-users at sudo.ws
Subject: RE: [sudo-users] I need help with sudoers..
I am not sure I understand.
What changes I need to make in the /etc/sudoers file??
Please let me know..
Thanks
-----Original Message-----
From: Singh, Radesh (GTS) [mailto:Radesh_Singh at ml.com]
Sent: Thursday, January 22, 2009 12:39 PM
To: Manjunatha, Jamuna; sudo-users at sudo.ws
Subject: RE: [sudo-users] I need help with sudoers..
I don't know if this is good for your purposes, but sudoshell works
nicely for recording everything that is typed.
Shawn Singh
NJUNIX/GWM UNIX
(904) 218-4096
- My name ain't chump, it's <insert_name_here>
-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Manjunatha,
Jamuna
Sent: Wednesday, January 21, 2009 12:06 PM
To: sudo-users at sudo.ws
Subject: [sudo-users] I need help with sudoers..
Importance: High
Hi all,
I am trying to setup a sudo..
Your website helped me a lot..
Now I want to see the sudoers activity in the logs:
1) first a user logs in
2) He types "sudo bash" & gets sudo privileges
3) Then he creates a directory under /root
4) Then he deletes it
My question is How can make EVERY entry from the user gets logged into
/var/log/sudolog
Right now only the first two steps get logged in /var/log/sudolog but I
want ALL the activity like deleting a file, creating a file, etc.
Please help...
Thanks so much in advance.
Jamuna
The information contained in this email message and its attachments
is intended
only for the private and confidential use of the recipient(s) named
above, unless the sender expressly agrees otherwise. Transmission
of email over the Internet
is not a secure communications medium. If you are requesting or
have requested
the transmittal of personal data, as defined in applicable privacy
laws by means
of email or in an attachment to email you must select a more
secure alternate means of transmittal that supports your
obligations to protect such personal data. If the reader of this
message is not the intended recipient and/or you have received this
email in error, you must take no action based on the information in
this email and you are hereby notified that any dissemination,
misuse, copying, or disclosure of this communication is strictly
prohibited. If you have received
this communication in error, please notify us immediately by email
and delete the original message.
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
------------------------------------------------------------------------
--
This message w/attachments (message) may be privileged, confidential or
proprietary, and if you are not an intended recipient, please notify the
sender, do not use or share it and delete it. Unless specifically
indicated, this message is not an offer to sell or a solicitation of any
investment products or other financial product or service, an official
confirmation of any transaction, or an official statement of Merrill
Lynch. Subject to applicable law, Merrill Lynch may monitor, review and
retain e-communications (EC) traveling through its networks/systems. The
laws of the country of each sender/recipient may impact the handling of
EC, and EC may be archived, supervised and produced in countries other
than the country in which you are located. This message cannot be
guaranteed to be secure or error-free. References to "Merrill Lynch" are
references to any company in the Merrill Lynch & Co., Inc. group of
companies, which are wholly-owned by Bank of America Corporation.
Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank
Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a
Condition to Any Banking Service or Activity * Are Not Insured by Any
Federal Government Agency. Attachments that are part of this
E-communication may have additional important disclosures and
disclaimers, which you should read. This message is subject to terms
available at the following link:
http://www.ml.com/e-communications_terms/. By messaging with Merrill
Lynch you consent to the foregoing.
------------------------------------------------------------------------
--
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
IMPORTANT: The information contained in this email and/or its
attachments is confidential. If you are not the intended recipient,
please notify the sender immediately by reply and immediately delete
this message and all its attachments. Any review, use, reproduction,
disclosure or dissemination of this message or any attachment by an
unintended recipient is strictly prohibited. Neither this message nor
any attachment is intended as or should be construed as an offer,
solicitation or recommendation to buy or sell any security or other
financial instrument. Neither the sender, his or her employer nor any of
their respective affiliates makes any warranties as to the completeness
or accuracy of any of the information contained herein or that this
message or any of its attachments is free of viruses.
More information about the sudo-users
mailing list