[sudo-users] Maybe add MAIL:/NOMAIL: tags with mail_all_cmds [Was: proposed mail_always behavior change]

Scott R. Corzine scott at ties.org
Mon Feb 16 15:02:01 MST 2015


Just throwing an idea out here:

I don't know how much additional work it is but a logical related
addition to mail_all_cmnds would be to add MAIL: and NOMAIL: tags to
the Cmnd_Spec. They would override mail_all_cmnds, mail_always, or
defaults on whether to send mail out for a command or not.

This would allow fine tuning of when mail is sent, making it more useful.


Two sample use cases:

* When mailing is the default: NOMAIL: suppressing mail for routine
commands while allowing all other commands to generate mail messages
(greatly reducing traffic).

* When no mail is the default: MAIL: sending mail notification for
specific commands. This might be because these are considered major
changes meriting others' attention, dangerous commands (e.g. vi
sudoers), deprecated commands, bad habits ("sudo su -" as their only
command), etc.


Explanations:

Often authorized major users having ALL rights (sysadmins, DBAs, etc)
issue inappropriate versions of commands, often by habit/rote without
really thinking of using the better way, even though they know it.
How-tos found via searches can contain common bad suggestions (like
kill -9 on the Oracle pids or plain reboot on production systems).

Being able to flag these commands with MAIL: before their ALL would
allow for guidance or social pressure for people issuing some of the
wrong commands/forms.  Authorized users in this case are unlikely to
be malicious and try to subvert these MAIL: rules "out of habit" or
because "they forgot to notify the team". This is unlike the periodic
request for controlling access with !su and ALL.

You could try to do some of this with Defaults ! Cmnd_List but you
can't combine it with host & user controls, changes to the commands
would be in different places in the files and prone to being
forgotten.


Thoughts?
-Scott-

On Sun, Feb 15, 2015 at 10:14 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> On Thu, 12 Feb 2015 18:13:04 -0500, "Scott R. Corzine" wrote:
>
>> Ok, I'll ask for it, but a step farther:
>>
>> * Keep mail_always as it is (including list & validate).
>> * Introduce mail_usually (or something) with the proposed semantics.
>
> For sudo 1.8.12p1 I'm considering adding a mail_all_cmnds to send
> mail any time someone runs a command via sudo, whether successfully
> or not.  That's what most people seem to actually want, and then
> mail_always can go back to its old semantics.
>
>  - todd
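The following is an added illustration of the precedence Scott proposes, not code from this thread or from sudo itself. It parses a constructed sudoers fragment for each of the two use cases and decides whether a given command would generate mail. Everything about the MAIL:/NOMAIL: tags is an assumption modelled on how sudoers already treats tags such as NOPASSWD: (a tag carries over to later commands in the same Cmnd_Spec_List until the opposite tag appears, and the last matching entry wins); the user names, hosts and command paths are made up for the example.

```python
"""Model of the proposed MAIL:/NOMAIL: Cmnd_Spec tags (constructed example).

Assumptions, not sudo behaviour: a tag overrides the mail_all_cmnds
default for the commands it is attached to; as with existing sudoers
tags it carries over to later commands in the same list until replaced;
and, as in sudoers generally, the last matching entry decides.
Only the sudoers subset needed here is parsed (no aliases, no Runas).
"""
import re
import shlex

TAG_RE = re.compile(r"^(MAIL|NOMAIL):$")

# Use case 1 (constructed): mail by default, silence routine commands.
# ALL comes first so the NOMAIL: tag does not carry over to it.
SUDOERS_NOISY = """
Defaults mail_all_cmnds
dba ALL = ALL, NOMAIL: /usr/bin/ls, /usr/bin/cat
"""

# Use case 2 (constructed): quiet by default, flag commands that merit
# attention; /sbin/reboot and '/bin/su -' inherit MAIL: from the vi entry.
SUDOERS_QUIET = """
Defaults !mail_all_cmnds
dba ALL = ALL, MAIL: /usr/bin/vi /etc/sudoers, /sbin/reboot, /bin/su -
"""


def parse_sudoers(text):
    """Return (mail_default, specs); specs are (user, host, cmnd, tag)."""
    mail_default = False
    specs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            for opt in line[len("Defaults"):].replace(",", " ").split():
                if opt == "mail_all_cmnds":
                    mail_default = True
                elif opt == "!mail_all_cmnds":
                    mail_default = False
            continue
        lhs, rhs = line.split("=", 1)
        user, host = lhs.split()
        tag = None  # a tag persists along the list until changed
        for item in rhs.split(","):
            words = item.split()
            while words and TAG_RE.match(words[0]):
                tag = words.pop(0)[:-1]
            specs.append((user, host, " ".join(words), tag))
    return mail_default, specs


def cmnd_matches(spec_cmnd, argv):
    """ALL matches anything; a bare path matches any arguments; a path
    given with arguments must match the command line exactly."""
    if spec_cmnd == "ALL":
        return True
    spec_argv = shlex.split(spec_cmnd)
    if len(spec_argv) == 1:
        return argv[0] == spec_argv[0]
    return argv == spec_argv


def should_mail(mail_default, specs, user, host, command):
    """True/False for a permitted command, None if no entry permits it."""
    argv = shlex.split(command)
    matched, tag_found = False, None
    for spec_user, spec_host, spec_cmnd, tag in specs:
        if spec_user != user or spec_host not in ("ALL", host):
            continue
        if cmnd_matches(spec_cmnd, argv):
            matched, tag_found = True, tag  # last match wins
    if not matched:
        return None
    if tag_found == "MAIL":
        return True
    if tag_found == "NOMAIL":
        return False
    return mail_default  # untagged entry: fall back to Defaults


if __name__ == "__main__":
    for label, text in (("noisy", SUDOERS_NOISY), ("quiet", SUDOERS_QUIET)):
        policy = parse_sudoers(text)
        for cmd in ("/usr/bin/ls -la", "/usr/bin/vi /etc/sudoers",
                    "/usr/bin/vi /etc/hosts", "/sbin/reboot", "/bin/su -"):
            print(label, cmd, "->", should_mail(*policy, "dba", "db1", cmd))
```

Note the ordering: with tag inheritance, writing `NOMAIL: /usr/bin/ls, ALL` would silence every command, since ALL would inherit the tag, which is why the fragments put the untagged ALL first and the tagged entries after it.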

