[sudo-users] proposed mail_always behavior change
Todd C. Miller
Todd.Miller at courtesan.com
Mon Feb 2 13:44:14 MST 2015
Currently, when the mail_always option is enabled, mail will be
sent even for non-commands like "sudo -l", "sudo -l command" and
"sudo -v". This can lead to a bunch of useless messages if what
you really want is to see when someone runs an actual command.
I propose that "mail_always" only send mail when an actual command
(or sudoedit) is attempted, or when the user fails to authenticate
themselves. This should more useful behavior but I wanted to see
if anyone on the list actually uses mail_always and depends on
seeing mail for the the "list" and "validate" operations.
Unless I hear otherwise, I plan to make the change in sudo 1.8.12.
The new description is as follows:
mail_always Send mail to the mailto user every time a user
attempts to run a command via sudo. Mail will be
sent for both successful and unsuccessful attempts.
No mail will be sent if the user runs sudo with the
-l or -v option unless there is an authentication
error. This flag is off by default.
More information about the sudo-users