Louis Masucci
Advisor

sudo - for SysAdmins

I have set up sudo for our users; I want to set it up for our SysAdmins. I have it set up so SysAdmins can run every command, but they must type sudo in front of the command. Is there a way to allow SysAdmins to run the commands without typing in sudo in front of every command and still log what command they have run?

thanks ... Lou
Rick Garland
Honored Contributor

Re: sudo - for SysAdmins

If they have the option to "sudo su -" and become the root user, then they would not have to type the sudo first for subsequent commands - but you will not have those entries put into the sudo.log (these commands are run as root and are not being run as the sudo user). The initial "sudo su -" will go into the sudo.log.

If you have set up the configure options to log to sudo.log or syslog.log or both, they will log the sudo commands. Commands not running with sudo are not logged.

You could set up an alias to shorten the sudo, write scripts that input the sudo command first, etc... There are many options available at this point.

I think you may be looking at two different logging capabilities here.
Rick Garland
Honored Contributor

Re: sudo - for SysAdmins

Had to look through my notes, but there is the www.courtesan.com site that will help you look for answers. I also have the configure options that were used when I did the build for sudo on HPUX.

Give me a holler and I'll provide what info I can.
Alan Riggs
Honored Contributor

Re: sudo - for SysAdmins

Are you restricting your admins from specific root functions? If not, you could simply disable direct root access and require them to log into their own accounts before "su"ing to root. Then simply place a script command in the root profile that hits a different file based on the output of logname.
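
The approach described in the reply above, sketched as a fragment for root's .profile. This is an added example, not part of the original posts; the directory /var/adm/rootlogs, the ROOT_SESSION_LOG variable and the function names are assumptions.

```shell
# Added example: fragment for root's .profile (paths and names are assumptions).
AUDIT_DIR=${AUDIT_DIR:-/var/adm/rootlogs}   # hypothetical directory, root-only (mode 700)

# Build a per-admin transcript path from the original login name.
# Prints the path on stdout; returns 1 if the name is empty or unsafe.
session_log_path() {
    who=$1
    stamp=$2
    case $who in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;   # reject empty names and path characters
    esac
    case $who in
        .*) return 1 ;;                     # reject "." and ".." style names
    esac
    printf '%s/%s.%s.log\n' "$AUDIT_DIR" "$who" "$stamp"
}

# Start recording unless this shell is already inside a recorded session.
start_recording() {
    [ -n "$ROOT_SESSION_LOG" ] && return 0   # guard against nesting if this file is sourced again
    who=$(logname 2>/dev/null) || who=unknown
    log=$(session_log_path "$who" "$(date +%Y%m%d%H%M%S)") || return 1
    ROOT_SESSION_LOG=$log
    export ROOT_SESSION_LOG
    umask 077                                # transcripts readable by root only
    exec script -a "$log"                    # replaces the shell; leaving script ends the session
}

# Only record interactive root shells (cron jobs and scripts skip this).
case $- in
    *i*) [ "$(id -u)" -eq 0 ] && start_recording ;;
esac
```

A transcript written by a root shell can be edited by that same shell, so it serves as a record of routine activity rather than tamper-proof evidence.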
Evert Jan van Ramselaar
Valued Contributor

Re: sudo - for SysAdmins

Another option might be giving all sysadmins a user id 0. Used commands are still saved in the user's history instead of root's?

Evert Jan
Contrary to popular belief, Unix is user-friendly. It just happens to be selective about who it makes friends with.
Bill Hassell
Honored Contributor

Re: sudo - for SysAdmins

I would be very cautious about ever giving other users UID 0. It is far too easy for an ordinary user to make a mistake that would have been protected with a non-root ID. UID 0 is far too powerful to be used casually (as many sysadmins will attest).

The rule should be: ask if UID 0 is *really* needed. If it is, log in as root (never use su, use /usr/bin/su - root), take care of the task and then immediately leave.

Consider also what happens when a non-root user name has UID 0: They leave the company, the super user removes their account and all files owned by that user -- total destruction of HP-UX will result. Oops...


Bill Hassell, sysadmin