[sudo-workers] Question on new sudo feature of "logging further sudo commands"
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Tue Sep 14 18:13:44 EDT 2004

I'm just starting to play around with 1.6.8 (thanx for another nice
looking release Todd that compiles/installs super-duper easy) ... and
one of the new features that excited me was:

    If sudo is used to run as root shell, further sudo commands will be
    logged as run by the user specified by the SUDO_USER environment variable.

When I first read this, I thought "way cool - if someone does a 'sudo csh'"
then I'll know what they do after that ... but all I saw in syslog was
the csh and nothing else.

I then re-read it and thought it meant if I do a "sudo -s" that commands
after that would be logged ... but again, that didn't work.

I re-read it for the third time ... and now I believe it means that if I
am root and run sudo, it will log the original user (if determinable
via the SUDO_USER variable) for any commands rather than root.

We actually disable sudo via root (as a further discouragement from
using root shells) but when I recompiled with this turned off, it did
what I (finally) believe it should do ...

So I think I figured it out ... some of you are probably saying DUHH!
but thought I'd post anyway in case it was helpful to others and/or
maybe I still don't get it! ;-)

P.S. I maybe should rethink disabling root-sudo, since with this feature,
you have pretty decent accountability.
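
The following is an added example, not part of the original post and not code from the sudo project: a small audit over sudo syslog entries that marks where accountability holds and where it stops, matching the behaviour described in the message. The log lines are constructed, the line layout is assumed to be sudo's usual `user : TTY=... ; PWD=... ; USER=... ; COMMAND=...` syslog form, and the shell list and label names are assumptions.

```python
import os
import re

# Constructed sample entries (not from the post). Line 2 stands for a
# "sudo id" typed inside the root shell started on line 1: it is logged
# under the SUDO_USER name. Line 4 is root with no SUDO_USER to fall back on.
SAMPLE_LOG = """\
Sep 14 18:01:02 host1 sudo:     alek : TTY=pts/1 ; PWD=/home/alek ; USER=root ; COMMAND=/bin/csh
Sep 14 18:02:10 host1 sudo:     alek : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/id
Sep 14 18:05:41 host1 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls /var/log
Sep 14 18:07:00 host1 sudo:     root : TTY=pts/3 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
"""

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$"
)
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}  # assumed shell list


def parse_sudo_line(line):
    """Return the fields of one sudo log entry, or None for other lines."""
    m = SUDO_RE.search(line)
    return m.groupdict() if m else None


def classify(entry):
    """Label an entry by how much accountability the log gives."""
    program = os.path.basename(entry["command"].split()[0])
    if program in SHELLS:
        # Only the shell start is logged; commands typed in it are not,
        # unless they are themselves run through sudo.
        return "shell-started"
    if entry["user"] == "root":
        # No original user was recorded for this root-run sudo command.
        return "unattributed-root"
    return "attributed"


def audit(log_text):
    """Return (user, command, label) for every sudo entry in log_text."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_sudo_line(line)
        if entry:
            findings.append((entry["user"], entry["command"], classify(entry)))
    return findings


if __name__ == "__main__":
    for user, command, label in audit(SAMPLE_LOG):
        print(f"{label:18} {user:6} {command}")
```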