cancel
Showing results for 
Search instead for 
Did you mean: 

sudo messages to roo tty

SOLVED
Go to solution
MikeL_4
Super Advisor

sudo messages to roo tty

I am running HP-UX 11.31 and using ixpress sudo to allow users to run some commands....

 

The issue is the many messages it puts out to the root tty throughout the day....

 

Is there a way to stop these messages from displaying:

 

Jul 16 06:47:18 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 10:48:25 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 11:57:02 tmoa1db01 sudo: kvelusam : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/kvelusam ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 12:50:51 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle

 

The /etc/syslog.conf currently contains following, and I assume the *.alert  root, line needs to be changed somehow but not sure how...:

=> cat /etc/syslog.conf
# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug              /var/adm/syslog/mail.log
*.info;mail.none        /var/adm/syslog/syslog.log
*.alert                 /dev/console
*.alert                 root
*.emerg                 *
=>

10 REPLIES
Dennis Handly
Acclaimed Contributor

Re: sudo messages to root tty

>/var/adm owned by uid 4, should be uid 0

 

Have you looked at who owns /var/adm/?   ll -d /var/adm/

You may want to compare against another system.  It may be that you shouldn't have the sudo logs there because sudo wants root to be the owner and swverify wants UID 4.

MikeL_4
Super Advisor

Re: sudo messages to root tty

I've checked every HP-UX server we have and the /var/adm directory is owned by UID 4 and GID 4 which is 'adm' ID and Group.... So I'm resitent to just change the owner:group on /var/adm....

 

Don't know why sudo would be interested in this to start with, the sud log file is: /var/log/sudolog...

 

 

Dennis Handly
Acclaimed Contributor

Re: sudo messages to root tty

> I'm resistant to just change the owner:group on /var/adm.

 

Rightly so.

 

>the sudo log file is: /var/log/sudolog.

 

Hmm.  Them I'm not sure why it is looking at /var/adm/.

You may want to search the sudo documentation for /var/adm to see if it is mentioned.

MikeL_4
Super Advisor

Re: sudo messages to root tty

The sudo command they are executing is: COMMAND=/usr/local/bin/oracle, which is nothing more than an su command for the DBA's to get to the oracle Adminitrative account:

 

=> cat /usr/local/bin/oracle
#!/bin/ksh
su - oracle
=>

 

and the sulog is in /var/adm, so maybe that could be what is causing the message ...

Dennis Handly
Acclaimed Contributor

Re: sudo messages to root tty

>the sulog is in /var/adm, so maybe that could be what is causing the message ...

 

That's not sudolog, so I'm not sure why it is looking there.  Is it logging anything here?

Arunabha Banerjee
Valued Contributor

Re: sudo messages to root tty

Login as root and execute visudo command to edit /etc/sudoers file. Don't try to open /etc/sudoers file with vi or any other editor because if you put any wrong entry or syntax is incorrect then at the time saving it will not warn you. But in case of visudo it will warn you.

 

So finally add the following entry at the top of  /etc/sudoers file

 

Defaults logfile=/var/log/sudolog

 

Change /var/log/sudolog file permission and ownership as follows:

 

# chown root:sys /var/log/sudolog

# chown 0600 /var/log/sudolog

 

Now onwards all sudo related logs will come under /var/log/sudolog file.

AB
MilanMazac
Occasional Visitor

Re: sudo messages to root tty

I have same issue on my HP-UX servers at customer site.

I have changed loggin according last post (redirect sudo logs tu /var/log/sudolog) but the behaviour of sudo did not change.

 

sudo warn me not only to logfie but also on the screen when I try to execute any command under sudo

 

 

MilanMazac
Occasional Visitor
Solution

Re: sudo messages to root tty

Solved:

 

the root cause of error reporting is that sudo on HP-UX use /var/adm directory as timestapm directory.

 

I have created /var/adm/sudo directory to keep general practise

 

# mkdir /var/adm/sudo

 

after that I added followed lines at the beginning of the sudoers file:

 

Defaults logfile=/var/adm/sudo/sudo.log
Defaults timestampdir=/var/adm/sudo

 

Everyting works O.K.

 

 

 

MikeL_4
Super Advisor

Re: sudo messages to root tty

Thanks Milan, the last suggestion solved my issue also...

Dennis Handly
Acclaimed Contributor

Re: sudo messages to root tty