https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653564#M804409 and when i add him:<BR /><BR /> Oct 20 10:07:22 bd-devl sudo: petbou : command not allowed ; TTY=pts/te ; PW<BR />D=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw<BR /><BR />goes to roots terminal Thu, 20 Oct 2005 04:07:30 GMT Tom Satinet 2005-10-20T04:07:30Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653560#M804405 Hello,<BR /><BR />I am setting up sudo to delegate tasks to a very non techincal service desk. So far my testing has been positive. however, when i try to run a command using sudo that is not allowed, the warning message echos to the root users terminal. This behaviour is really not what I want. here is my /etc/sudoers file:<BR /><BR />Defaults logfile=/var/run/sudo/sudo.log, mailto="admin@somewhere.co.uk" <BR />Cmnd_Alias ADDUSER=/ops/adduser<BR /><BR /># User privilege specification<BR />root ALL=(ALL) ALL<BR /><BR /># Members of the sdesk group may gain root privileges<BR />%sdesk ALL=NOPASSWD:/sbin/passwd,ADDUSER<BR /><BR />As I say, it works fine, but i want to stop failure warnings going to the root user's tty.<BR /><BR />Thanks for any advice. Thu, 20 Oct 2005 03:36:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653560#M804405 Tom Satinet 2005-10-20T03:36:20Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653561#M804406 what warning message u get ?<BR /><BR />Awadhesh Thu, 20 Oct 2005 03:47:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653561#M804406 AwadheshPandey 2005-10-20T03:47:50Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653562#M804407 What you tried to do with sudo? which error you are getting. Post full sudoers file configuration to help you.<BR /><BR />-Muthu Thu, 20 Oct 2005 03:51:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653562#M804407 Muthukumar_5 2005-10-20T03:51:50Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653563#M804408 what? i have posted the file.<BR /><BR />for example i typed this as the user:<BR /><BR />sudo vipw<BR /><BR />and root got this message on it's terminal:<BR /><BR />Oct 20 10:04:42 bd-devl sudo: petbou : user NOT in sudoers ; TTY=pts/te ; PW<BR />D=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw<BR /><BR />Which also goes to the log file. in this example the user is not in the right unix group. but it happens on any failure event.<BR /><BR />How do i stop this? Thu, 20 Oct 2005 04:05:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653563#M804408 Tom Satinet 2005-10-20T04:05:12Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653564#M804409 and when i add him:<BR /><BR /> Oct 20 10:07:22 bd-devl sudo: petbou : command not allowed ; TTY=pts/te ; PW<BR />D=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw<BR /><BR />goes to roots terminal Thu, 20 Oct 2005 04:07:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653564#M804409 Tom Satinet 2005-10-20T04:07:30Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653565#M804410 What do you have in /etc/syslog.conf ?<BR />Is it syslog that is writing the messages to the root user's tty? Thu, 20 Oct 2005 04:11:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653565#M804410 Stephen Keane 2005-10-20T04:11:11Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653566#M804411 ah great.<BR /><BR />i had not thought of that. These security events are 'alert' and this is configured as such:<BR /><BR />mail.debug /var/adm/syslog/mail.log<BR />*.info;mail.none /var/adm/syslog/syslog.log<BR />*.alert /dev/console<BR />*.alert root<BR />*.emerg *<BR /><BR />if I delete the console line will that be ok?<BR /> Thu, 20 Oct 2005 04:19:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653566#M804411 Tom Satinet 2005-10-20T04:19:26Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653567#M804412 try to change<BR />Defaults logfile=/var/run/sudo/sudo.log, mailto="admin@somewhere.co.uk" <BR /><BR />to<BR />Defaults logfile=/var/run/sudo/sudo.log<BR />Defaults mailto="admin@somewhere.co.uk" <BR /><BR />Regards,<BR />Sergejs Thu, 20 Oct 2005 04:29:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653567#M804412 Sergejs Svitnevs 2005-10-20T04:29:18Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653568#M804413 The problem is with,<BR /><BR />syslog_badpri<BR /> Syslog priority to use when user authenticates unsuccessfully. Defaults to alert.<BR /><BR />setting of suerors file. It will send failed authentication details to root's tty bcas syslog.conf is defined as,<BR /><BR />*.alert /dev/console<BR />*.alert root<BR /><BR />Change syslog_badpri to notice. It will redirect to sudo log file as like syslog_goodpri.<BR /><BR />hth. Thu, 20 Oct 2005 04:57:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653568#M804413 Muthukumar_5 2005-10-20T04:57:57Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653569#M804414 Change the alert level not to go to root console. It should help <BR /><BR />-Arun Thu, 20 Oct 2005 05:00:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-logging/m-p/3653569#M804414 Arunvijai_4 2005-10-20T05:00:36Z