[sudo-users] sudoreplay does not honour iolog_dir

Todd C. Miller Todd.Miller at sudo.ws
Wed May 26 10:38:01 MDT 2021


On Wed, 26 May 2021 09:59:11 -0500, Albert Chin wrote:

> Is there a reason for this? I can understand sudoers being
> out-of-scope for sudoreplay but it seems that if you can alter the
> compiled-in value through some config file (sudo.conf or sudoers), all
> of the sudo tools should be reading this config file. If sudoreplay
> doesn't read sudoers at all, maybe move the iolog settings to
> sudo.conf?

The problem is that the iolog_dir setting in sudoers is not necessarily
global--it can be per-host or per-user/group as well.

Furthermore, if sudo_logsrvd is being used to centralize I/O logs
then the I/O path is configured in sudo_logsrvd.conf, not sudoers.

It might be possible to add a path setting to sudo.conf to set a
default I/O log path which can then be overridden by sudoers or
sudo_logsrvd.conf.

 - todd
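The scoping described in the reply above, as an added example that is not part of the original message or of sudo itself: a shell function that lists every `iolog_dir` setting in sudoers-format text with its scope, and the `sudoreplay -d` invocation needed for each directory. The sudoers lines, user name, host name and paths are constructed, and the parser assumes no line continuations, include files or commas inside quoted values.

```shell
#!/bin/sh
# Constructed sample: one global, one per-user and one per-host iolog_dir.
sample_sudoers() {
    cat <<'EOF'
Defaults log_output, iolog_dir=/var/log/sudo-io
Defaults:alice iolog_dir=/srv/audit/alice
Defaults@db01 iolog_dir="/srv/audit/db01"
alice ALL=(ALL) ALL
EOF
}

# Read sudoers text on stdin, print "<scope><TAB><dir>" per iolog_dir setting.
# Scope is "global" for a bare Defaults line, otherwise the binding as written
# (":user", "@host", ">runas", "!cmnd").
iolog_dirs() {
    awk '
    /^[ \t]*Defaults/ {
        line = $0
        sub(/^[ \t]*Defaults/, "", line)
        scope = "global"
        if (line ~ /^[:@>!]/) {          # binding runs to the first blank
            match(line, /^[^ \t]+/)
            scope = substr(line, 1, RLENGTH)
            line = substr(line, RLENGTH + 1)
        }
        n = split(line, parts, ",")      # one Defaults line, several settings
        for (i = 1; i <= n; i++) {
            p = parts[i]
            gsub(/^[ \t]+|[ \t]+$/, "", p)
            if (p ~ /^iolog_dir[ \t]*=/) {
                sub(/^iolog_dir[ \t]*=[ \t]*/, "", p)
                gsub(/^"|"$/, "", p)
                printf "%s\t%s\n", scope, p
            }
        }
    }'
}

# sudoreplay does not read sudoers, so each directory has to be passed with -d.
replay_cmds() {
    iolog_dirs | cut -f2 | sort -u | while IFS= read -r d; do
        printf 'sudoreplay -d %s -l\n' "$d"
    done
}

sample_sudoers | iolog_dirs
sample_sudoers | replay_cmds
```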

