HPE Community
Operating System - HP-UX
1752305 Members
4987 Online
108786 Solutions
New Discussion

Re: sudo messages to root tty

 
SOLVED
Go to solution
MikeL_4
Super Advisor

‎07-16-2011 10:01 AM

‎07-16-2011 10:01 AM

sudo messages to roo tty

I am running HP-UX 11.31 and using ixpress sudo to allow users to run some commands....

 

The issue is the many messages it puts out to the root tty throughout the day....

 

Is there a way to stop these messages from displaying:

 

Jul 16 06:47:18 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 10:48:25 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 11:57:02 tmoa1db01 sudo: kvelusam : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/kvelusam ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 12:50:51 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle

 

The /etc/syslog.conf currently contains following, and I assume the *.alert  root, line needs to be changed somehow but not sure how...:

=> cat /etc/syslog.conf
# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug              /var/adm/syslog/mail.log
*.info;mail.none        /var/adm/syslog/syslog.log
*.alert                 /dev/console
*.alert                 root
*.emerg                 *
=>

0 Kudos
Reply
10 REPLIES 10
Dennis Handly
Acclaimed Contributor

‎07-16-2011 12:05 PM

‎07-16-2011 12:05 PM

Re: sudo messages to root tty

>/var/adm owned by uid 4, should be uid 0

 

Have you looked at who owns /var/adm/?   ll -d /var/adm/

You may want to compare against another system.  It may be that you shouldn't have the sudo logs there because sudo wants root to be the owner and swverify wants UID 4.

0 Kudos
Reply
MikeL_4
Super Advisor

‎07-17-2011 10:27 AM

‎07-17-2011 10:27 AM

Re: sudo messages to root tty

I've checked every HP-UX server we have and the /var/adm directory is owned by UID 4 and GID 4 which is 'adm' ID and Group.... So I'm resitent to just change the owner:group on /var/adm....

 

Don't know why sudo would be interested in this to start with, the sud log file is: /var/log/sudolog...

 

 

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎07-17-2011 12:32 PM

‎07-17-2011 12:32 PM

Re: sudo messages to root tty

> I'm resistant to just change the owner:group on /var/adm.

 

Rightly so.

 

>the sudo log file is: /var/log/sudolog.

 

Hmm.  Them I'm not sure why it is looking at /var/adm/.

You may want to search the sudo documentation for /var/adm to see if it is mentioned.

0 Kudos
Reply
MikeL_4
Super Advisor

‎07-17-2011 01:16 PM

‎07-17-2011 01:16 PM

Re: sudo messages to root tty

The sudo command they are executing is: COMMAND=/usr/local/bin/oracle, which is nothing more than an su command for the DBA's to get to the oracle Adminitrative account:

 

=> cat /usr/local/bin/oracle
#!/bin/ksh
su - oracle
=>

 

and the sulog is in /var/adm, so maybe that could be what is causing the message ...

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎07-17-2011 01:36 PM

‎07-17-2011 01:36 PM

Re: sudo messages to root tty

>the sulog is in /var/adm, so maybe that could be what is causing the message ...

 

That's not sudolog, so I'm not sure why it is looking there.  Is it logging anything here?

0 Kudos
Reply
Arunabha Banerjee
Valued Contributor

‎07-18-2011 07:50 AM

‎07-18-2011 07:50 AM

Re: sudo messages to root tty

Login as root and execute visudo command to edit /etc/sudoers file. Don't try to open /etc/sudoers file with vi or any other editor because if you put any wrong entry or syntax is incorrect then at the time saving it will not warn you. But in case of visudo it will warn you.

 

So finally add the following entry at the top of  /etc/sudoers file

 

Defaults logfile=/var/log/sudolog

 

Change /var/log/sudolog file permission and ownership as follows:

 

# chown root:sys /var/log/sudolog

# chown 0600 /var/log/sudolog

 

Now onwards all sudo related logs will come under /var/log/sudolog file.

AB
0 Kudos
Reply
MilanMazac
Occasional Visitor

‎07-20-2011 02:05 AM

‎07-20-2011 02:05 AM

Re: sudo messages to root tty

I have same issue on my HP-UX servers at customer site.

I have changed loggin according last post (redirect sudo logs tu /var/log/sudolog) but the behaviour of sudo did not change.

 

sudo warn me not only to logfie but also on the screen when I try to execute any command under sudo

 

 

0 Kudos
Reply
MilanMazac
Occasional Visitor

‎07-20-2011 03:30 AM

‎07-20-2011 03:30 AM

Solution

Re: sudo messages to root tty

Solved:

 

the root cause of error reporting is that sudo on HP-UX use /var/adm directory as timestapm directory.

 

I have created /var/adm/sudo directory to keep general practise

 

# mkdir /var/adm/sudo

 

after that I added followed lines at the beginning of the sudoers file:

 

Defaults logfile=/var/adm/sudo/sudo.log
Defaults timestampdir=/var/adm/sudo

 

Everyting works O.K.

 

 

 

Reply
MikeL_4
Super Advisor

‎07-20-2011 11:02 AM

‎07-20-2011 11:02 AM

Re: sudo messages to root tty

Thanks Milan, the last suggestion solved my issue also...

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.