[lug] logging a script when executed using sudo

John Hernandez John.Hernandez at noaa.gov
Thu Sep 20 09:42:35 MDT 2001


charles at lunarmedia.net wrote:
> 
> i am writing a script and i would like to include some logging capability.
> the script however, will more than likely be run via sudo.
> 
> according to the sudo man page:
> 
>        The real and effective uid and gid are set to match
>        those of the target user as specified in the passwd file
> 
> so, i assume that if i were to attempt to put the username of the
> individual running the script into the log file, it will turn up as 'root'
> rather than as the actual non-privileged user.
> 
> is this a general practice when logging items executed as sudo? are
> sysadmins correlating one log file against the sudo log entries and
> matching timestamps to figure out who did what?
> 
> regards, -c

Rather than run the whole script under sudo, another approach would be to put specific sudo statements within your shell script where needed.  That way, the sudo logs themselves will reveal the details you're after.

-- 

  - John Hernandez - Network Engineer - 303-497-6392 -
 |  National Oceanic and Atmospheric Administration   |
 |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
  ----------------------------------------------------
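
The approach in the reply above, sketched as an added example that is not part of the original thread: the script runs as the invoking user, calls sudo only for the privileged step, and writes its own log line with the real username. LOGFILE, SUDO_BIN and the three function names are hypothetical; SUDO_USER is the variable sudo itself exports, consulted here only for the case the question describes (the whole script started via sudo).

```shell
#!/bin/sh
# Added example; LOGFILE, SUDO_BIN and the function names are hypothetical.
LOGFILE="${LOGFILE:-./myscript.log}"   # assumed log location
SUDO_BIN="${SUDO_BIN:-sudo}"           # overridable so the script can be tested

# Print the login name of the person who started the script.
# If the whole script was started through sudo, id reports the target user
# (root), so fall back to SUDO_USER, which sudo sets to the caller's name.
# SUDO_USER is only an environment variable: an unprivileged caller can set
# it to anything, so it is trusted only when we are really running as uid 0.
invoking_user() {
    if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_USER:-}" ]; then
        printf '%s\n' "$SUDO_USER"
    else
        id -un 2>/dev/null || id -u
    fi
}

# Append one line: UTC timestamp, user, message. Control characters are
# stripped so a message containing newlines cannot forge extra log entries.
log_action() {
    msg=$(printf '%s' "$*" | tr -d '\001-\037\177')
    printf '%s user=%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$(invoking_user)" "$msg" >> "$LOGFILE"
}

# Run a single command with privilege. sudo records who ran what in its own
# log; the script's log gets matching before/after lines for correlation.
run_privileged() {
    log_action "sudo: $*"
    rc=0
    "$SUDO_BIN" "$@" || rc=$?
    log_action "exit=$rc: $*"
    return "$rc"
}

# Typical use inside the script (unprivileged steps need no wrapper):
#   log_action "starting maintenance"
#   run_privileged /sbin/service httpd restart
```

A log file the unprivileged user can write is a convenience record only; the sudo log, which that user cannot edit, remains the authoritative one.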


