Sudo Logging Feature - helps in multi-admin Linux environments

I have been using sudo for more than two years, and recently, when I started working on RedHat based systems, I realized that I actually prefer a root shell (not to be confused with a GUI login) while performing administrative tasks. I am more careful there, thinking twice before running a command, than with sudo. But there is something about sudo that makes it a fantastic tool for multi-admin environments. I am talking about its logging capability.

In the earlier days of Linux, when it was more or less following the same policies as Unix, there were only two kinds of users: root and non-root. You had to be root to do a privileged task. So if a system had multiple admins, there was no way to find out who ran what and when, because they were all using the same login credentials. This was one of the primary issues sudo addressed. It lets you do a privileged task as a non-root user, keeps a log of each command executed using sudo, and so helps answer the who, when and what questions.

For those who have not used sudo, this utility allows temporary privilege escalation for users. In simple terms, it allows a user to run commands with higher privileges. This way the user doesn’t have to be logged in as root all the time. The level of privilege allowed is specified in the /etc/sudoers file. Here is an example.

[shredder12]$ fdisk -l
<nothing>
[shredder12]$ sudo fdisk -l
works like a charm

Now look at the logs: /var/log/auth.log (for Ubuntu) and /var/log/messages for others.

[shredder12]$ tail -f /var/log/auth.log

Feb 28 14:53:03 laptop1413 sudo: sahni : TTY=pts/0 ; PWD=/home/sahni/ ; USER=root ; COMMAND=/usr/bin/fdisk -l

As you can see, it precisely tells you who ran what command and when.
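To pull the who, when and what out of such entries in bulk, here is a small parser, added as an example and not part of the original post. It goes a little beyond the single line above: it also handles denied attempts and flags entries whose command is a shell, since the log entry then covers only the shell launch. The SHELLS set and every sample line except the first are assumptions made for this example.

```python
import re

# Syslog prefix, then sudo's "user : KEY=value ; KEY=value ; COMMAND=..." body.
LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<who>\S+) : (?P<body>.*)$"
)
# Assumption: programs treated as "hands out an interactive shell".
SHELLS = {"sh", "bash", "zsh", "ksh", "su"}

def parse_sudo_line(line):
    """Return who/when/what for a sudo command record, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # COMMAND is the last field and may contain " ; " itself, so split it off first.
    head, sep, command = m["body"].partition("COMMAND=")
    if not sep or not command.strip():
        return None
    rec = {"when": m["when"], "host": m["host"], "who": m["who"],
           "command": command, "notes": []}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            rec[key.lower()] = value      # TTY, PWD, USER
        else:
            rec["notes"].append(part)     # e.g. "user NOT in sudoers"
    # This record covers only the shell launch, not commands typed inside it.
    rec["opens_shell"] = command.split()[0].rsplit("/", 1)[-1] in SHELLS
    return rec

# First line is the article's; the rest are constructed for this example.
SAMPLE = """\
Feb 28 14:53:03 laptop1413 sudo: sahni : TTY=pts/0 ; PWD=/home/sahni/ ; USER=root ; COMMAND=/usr/bin/fdisk -l
Feb 28 14:53:03 laptop1413 sudo: pam_unix(sudo:session): session opened for user root by sahni(uid=0)
Feb 28 15:10:41 laptop1413 sudo[2211]:    admin2 : TTY=pts/1 ; PWD=/home/admin2 ; USER=root ; COMMAND=/bin/bash
Mar  1 09:12:44 laptop1413 sudo: guest : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/fdisk -l
""".splitlines()

def audit(lines):
    """Parse every line and keep only the sudo command records."""
    return [r for r in map(parse_sudo_line, lines) if r]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        flag = " [shell: later commands not logged]" if r["opens_shell"] else ""
        print(f'{r["when"]} {r["who"]} -> {r.get("user")}: {r["command"]}{flag} {r["notes"]}')
```
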

3 Comments

brent s (not verified)
March 17th, 2011 09:27 pm
there is, however, an issue with this - if they do sudo -i, it starts an interactive shell with whatever user sudo is initiated as (sudo -u , root by default). to get around this, there is a fantastic utility called sudosh2 (http://sourceforge.net/projects/sudosh2/) which captures not only all commands entered but also all output; it records the session in a screen-type "video" for later playback. it's super easy to configure and use, and is all around fairly awesome.

brent s (not verified)
March 17th, 2011 09:29 pm
s/screen/script rather. :)

Anon Linuxer (not verified)
April 16th, 2011 07:28 pm
I think the logging feature really helps in open source.
