Sudo Logging Feature - helps in multi-admin Linux environments
I have been using sudo for more than two years, and recently, when I started working on Red Hat based systems, I realized that I actually prefer a root shell (not to be confused with a GUI login) while performing administrative tasks. I am more careful there, thinking twice before running a command, than with sudo. But there is something about sudo that makes it a fantastic tool for multi-admin environments: its logging capability.
In the early days of Linux, when it more or less followed the same policies as Unix, there were only two kinds of users: root and non-root. You had to be root to do a privileged task, so on a system with multiple admins there was no way to find out who ran what and when, because they were all using the same login credentials. This was one of the primary issues sudo addressed: it lets a non-root user perform a privileged task, keeps a log of each command executed through sudo, and so helps answer the who, when and what questions.
For those who have not used sudo: this utility allows temporary privilege escalation for users. In simple terms, it allows a user to run commands with higher privileges, so the user doesn't have to be logged in as root all the time. The level of privilege allowed is specified in the /etc/sudoers file. Here is an example.
[shredder12]$ fdisk -l
[shredder12]$ sudo fdisk -l
works like a charm
Now, look at the logs (/var/log/auth.log on Ubuntu, /var/log/messages on others):
[shredder12]$ tail -f /var/log/auth.log
Feb 28 14:53:03 laptop1413 sudo: sahni : TTY=pts/0 ; PWD=/home/sahni/ ; USER=root ; COMMAND=/usr/bin/fdisk -l
As you can see, it precisely tells you who ran what command and when.
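To turn those log lines into the who/when/what answer for a whole multi-admin box, here is an added example (my own code, not from the post) that parses the sudo record format shown above into fields and builds a per-user summary. The first sample line is the one from the post; the other lines, the host name, the users bob and eve, and the sudo "incorrect password attempts" / "user NOT in sudoers" denial records are constructed for illustration.

```python
import re

# Constructed sample of syslog-style entries: the line from the post plus
# constructed denial records and one unrelated sshd line that must be skipped.
SAMPLE_LOG = """\
Feb 28 14:53:03 laptop1413 sudo: sahni : TTY=pts/0 ; PWD=/home/sahni/ ; USER=root ; COMMAND=/usr/bin/fdisk -l
Feb 28 14:55:10 laptop1413 sudo:  bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/fdisk -l
Feb 28 14:56:42 laptop1413 sudo:  eve : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/eve ; USER=root ; COMMAND=/usr/bin/apt-get update
Feb 28 15:01:00 laptop1413 sshd[2201]: Accepted publickey for sahni from 10.0.0.5 port 51234 ssh2
"""

# syslog prefix, then the sudo record: "<who> : [<denial reason> ;] KEY=VAL ; KEY=VAL ..."
# The optional reason part cannot contain '=' so it never swallows the first KEY=VAL.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<who>\S+) :(?: (?P<reason>[^;=]*?) ;)?\s*(?P<fields>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for one sudo log line, or None for any other line."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "who": m["who"],
           "reason": (m["reason"] or "").strip() or "ok"}
    # Remaining fields: tty, pwd, user (the target account, e.g. root), command
    for field in m["fields"].split(" ; "):
        key, _, val = field.partition("=")
        rec[key.strip().lower()] = val.strip()
    return rec

def parse_sudo_log(text):
    """Parse a whole log, keeping only the sudo records."""
    return [r for r in (parse_sudo_line(l) for l in text.splitlines()) if r]

def summarize(records):
    """Per invoking user: how many invocations succeeded, how many were denied,
    and the list of commands that actually ran."""
    summary = {}
    for r in records:
        s = summary.setdefault(r["who"], {"ok": 0, "denied": 0, "commands": []})
        if r["reason"] == "ok":
            s["ok"] += 1
            s["commands"].append(r["command"])
        else:
            s["denied"] += 1
    return summary

if __name__ == "__main__":
    for who, s in summarize(parse_sudo_log(SAMPLE_LOG)).items():
        print(who, s)
```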