- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: sudo messages to root tty
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2011 10:01 AM
07-16-2011 10:01 AM
I am running HP-UX 11.31 and using ixpress sudo to allow users to run some commands....
The issue is the many messages it puts out to the root tty throughout the day....
Is there a way to stop these messages from displaying:
Jul 16 06:47:18 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 10:48:25 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 11:57:02 tmoa1db01 sudo: kvelusam : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/kvelusam ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 12:50:51 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
The /etc/syslog.conf currently contains following, and I assume the *.alert root, line needs to be changed somehow but not sure how...:
=> cat /etc/syslog.conf
# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
=>
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2011 12:05 PM
07-16-2011 12:05 PM
Re: sudo messages to root tty
>/var/adm owned by uid 4, should be uid 0
Have you looked at who owns /var/adm/? ll -d /var/adm/
You may want to compare against another system. It may be that you shouldn't have the sudo logs there because sudo wants root to be the owner and swverify wants UID 4.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2011 10:27 AM
07-17-2011 10:27 AM
Re: sudo messages to root tty
I've checked every HP-UX server we have and the /var/adm directory is owned by UID 4 and GID 4 which is 'adm' ID and Group.... So I'm resitent to just change the owner:group on /var/adm....
Don't know why sudo would be interested in this to start with, the sud log file is: /var/log/sudolog...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2011 12:32 PM
07-17-2011 12:32 PM
Re: sudo messages to root tty
> I'm resistant to just change the owner:group on /var/adm.
Rightly so.
>the sudo log file is: /var/log/sudolog.
Hmm. Them I'm not sure why it is looking at /var/adm/.
You may want to search the sudo documentation for /var/adm to see if it is mentioned.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2011 01:16 PM
07-17-2011 01:16 PM
Re: sudo messages to root tty
The sudo command they are executing is: COMMAND=/usr/local/bin/oracle, which is nothing more than an su command for the DBA's to get to the oracle Adminitrative account:
=> cat /usr/local/bin/oracle
#!/bin/ksh
su - oracle
=>
and the sulog is in /var/adm, so maybe that could be what is causing the message ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2011 01:36 PM
07-17-2011 01:36 PM
Re: sudo messages to root tty
>the sulog is in /var/adm, so maybe that could be what is causing the message ...
That's not sudolog, so I'm not sure why it is looking there. Is it logging anything here?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2011 07:50 AM
07-18-2011 07:50 AM
Re: sudo messages to root tty
Login as root and execute visudo command to edit /etc/sudoers file. Don't try to open /etc/sudoers file with vi or any other editor because if you put any wrong entry or syntax is incorrect then at the time saving it will not warn you. But in case of visudo it will warn you.
So finally add the following entry at the top of /etc/sudoers file
Defaults logfile=/var/log/sudolog
Change /var/log/sudolog file permission and ownership as follows:
# chown root:sys /var/log/sudolog
# chown 0600 /var/log/sudolog
Now onwards all sudo related logs will come under /var/log/sudolog file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2011 02:05 AM
07-20-2011 02:05 AM
Re: sudo messages to root tty
I have same issue on my HP-UX servers at customer site.
I have changed loggin according last post (redirect sudo logs tu /var/log/sudolog) but the behaviour of sudo did not change.
sudo warn me not only to logfie but also on the screen when I try to execute any command under sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2011 03:30 AM
07-20-2011 03:30 AM
SolutionSolved:
the root cause of error reporting is that sudo on HP-UX use /var/adm directory as timestapm directory.
I have created /var/adm/sudo directory to keep general practise
# mkdir /var/adm/sudo
after that I added followed lines at the beginning of the sudoers file:
Defaults logfile=/var/adm/sudo/sudo.log
Defaults timestampdir=/var/adm/sudo
Everyting works O.K.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2011 11:02 AM
07-20-2011 11:02 AM
Re: sudo messages to root tty
Thanks Milan, the last suggestion solved my issue also...