[sudo-workers] Question on new sudo feature of "logging further sudo commands"
Todd C. Miller
Todd.Miller at courtesan.com
Tue Sep 14 18:43:45 EDT 2004
In message <200409142213.QAA07452 at lama.ast.lmco.com>
so spake "Alek O. Komarnitsky (N-CSC)" (alek):
> I'm just starting to play around with 1.6.8 (thanx for another nice
> looking release Todd that compiles/installs super-duper easy) ... and
> one of the new features that excited me was:
> If sudo is used to run as root shell, further sudo commands will be
> logged as run by the user specified by the SUDO_USER environment variable.
> When I first read this, I thought "way cool - if someone does a 'sudo csh'"
> than I'll know what they do after that ... but all I saw in syslog was
> the csh and nothing else.
I wish. To do this basically requires having a hook into the exec
family of system calls. On OSes with the "systrace" policy-based
monitoring facilty this should be possible, though I've not yet
tried to do it.
> I re-read it for the third time ... and now I believe it means that if I
> am root and run sudo, it will log the original user (if determineable
> via the SUDO_USER variable) for any commands rather than root.
More information about the sudo-workers