[sudo-workers] Question on new sudo feature of "logging further sudo commands"

Alek O. Komarnitsky (N-CSC) alek at ast.lmco.com
Tue Sep 14 18:13:44 EDT 2004

I'm just starting to play around with 1.6.8 (thanx for another nice
looking release Todd that compiles/installs super-duper easy) ... and
one of the new features that excited me was:
   If sudo is used to run as root shell, further sudo commands will be 
   logged as run by the user specified by the SUDO_USER environment variable. 

When I first read this, I thought "way cool - if someone does a 'sudo csh'"
than I'll know what they do after that ... but all I saw in syslog was
the csh and nothing else.

I then re-read it and thought it meant if I do a "sudo -s" that commands
after that would be logged ... but again, that didn't work.

I re-read it for the third time ... and now I believe it means that if I
am root and run sudo, it will log the original user (if determineable 
via the SUDO_USER variable) for any commands rather than root.

We actually disable sudo via root (as a further discouragement from
using root shells) but when I recompiled with this turned off, it did
what I (finally) believe it should do ... 

So I think I figured it out ... some of you are probably saying DUHH!
but thought I'd post anyway in case it was helpful to others and/or
maybe I still don't get it!   ;-)


P.S. I maybe should rethink disabling root-sudo, since with this feature,
you have pretty decent accountability.

More information about the sudo-workers mailing list