[sudo-users] proposed mail_always behavior change
Tim Bradshaw
tfb at tfeb.org
Thu Feb 12 11:08:51 MST 2015
On 2 Feb 2015, at 20:44, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
>
> I propose that "mail_always" only send mail when an actual command
> (or sudoedit) is attempted, or when the user fails to authenticate
> themselves. This should more useful behavior but I wanted to see
> if anyone on the list actually uses mail_always and depends on
> seeing mail for the the "list" and "validate" operations.
I don't but I can imagine cases where people might: for instance if they're using mail as a surrogate for logging and are interested (for instance) in a user running sudo -l across many machines to look for 'interesting' sudoers files (ones with security problems).
I don't have strong feelings, but would it be possible to
- make the change to mail_always as you specify;
- add a mail_obsessively (or some better name) flag which does what mail_always now does.?
--tim
More information about the sudo-users
mailing list