[sudo-workers] Question on new sudo feature of "logging further sudo commands"

Todd C. Miller Todd.Miller at courtesan.com
Tue Sep 14 18:43:45 EDT 2004

In message <200409142213.QAA07452 at lama.ast.lmco.com>
	so spake "Alek O. Komarnitsky (N-CSC)" (alek):

> I'm just starting to play around with 1.6.8 (thanx for another nice
> looking release Todd that compiles/installs super-duper easy) ... and
> one of the new features that excited me was:
>    If sudo is used to run as root shell, further sudo commands will be 
>    logged as run by the user specified by the SUDO_USER environment variable.
> When I first read this, I thought "way cool - if someone does a 'sudo csh'"
> than I'll know what they do after that ... but all I saw in syslog was
> the csh and nothing else.

I wish.  To do this basically requires having a hook into the exec
family of system calls.  On OSes with the "systrace" policy-based
monitoring facilty this should be possible, though I've not yet
tried to do it.

> I re-read it for the third time ... and now I believe it means that if I
> am root and run sudo, it will log the original user (if determineable 
> via the SUDO_USER variable) for any commands rather than root.


 - todd

More information about the sudo-workers mailing list