[sudo-workers] Sudo mails
Radovan Sroka
rsroka at redhat.com
Mon Nov 23 09:05:14 MST 2015
Hi sudo-workers,
I've found an issue and I don't understand why is that so.
Sudo is sending mails depends on "sss" option in nsswitch.conf which is absolutely unrelated or is it?.
I expect that if some user used sudo in way against sudoers policy, root gets an email about it by default.
So if you create user e.g.
# useradd abc
# passwd abc #set 'abc' or whatever
then in sudoers add line:
# visudo
.
.
abc ALL=(ALL) /bin/ls
.
.
when the sudoers option is used in nsswitch.conf something like..
vim /etc/nsswitch.conf
.
.
.
sudoers files
.
.
.
and then:
# su - abc
$ sudo ls # sudo shouldn't send mail and it does not
$ sudo date # sudo should send mail but it does not
In this case sudo doesn't send mails, but when you change sudoers option in nsswitch.conf:
vim /etc/nsswitch.conf
.
.
.
sudoers files sss
.
.
.
and then again:
# su - abc
$ sudo ls # sudo shouldn't send mail and it does
$ sudo date # sudo should send mail and it really does
Sudo sends mails everytime it is used.
It's applicable on sudo 1.8.15.
Is that normal bahavior?
I'm not sure if I'm right, but it does not make any sense to me.
Radovan Sroka
More information about the sudo-workers
mailing list