Re: [Sudoscript-devel] logging shell
Brought to you by:
hbo
Menu
▾
▴
Re: [Sudoscript-devel] logging shell
|
From: Howard O. <hb...@eg...> - 2002-05-10 01:39:06
|
You could put something like sudoshell in the shell field of /etc/passwd. I wouldn't recommend it, though. Depending on how many users your system had, you'd end up logging a huge amount of data. Since there's no relable and easy way to seperate user input from command output, you'd be saving a potentially large quantity of information for every command invocation. Sudoscriptd manages the amount of information logged, throwing away old logs as new ones get written. This is the only advantage sudoscript would have over a simple shell wrapper for the application you want. Of course, you will still be throwing everyone's log data into the same file in the end, making it even harder to make sense of the output. I'm working on a 2.0 design that will fix that particular problem. Two things would have to change in sudoshell/sudoscriptd in order to allow logging by ordinary users. First, the root check in sudoshell would have to be removed. Second, the permissions on /var/run/sudoscriptd would have to be opened up so that ordinary users could write to the typescript. Since there's just one typescript, this means that anyone could mess with your sudoscript logs. All in all, I don't think that sudoscript is suitable for what you want. --On Thursday, May 09, 2002 06:13:51 PM -0700 Florin Andrei <fl...@sg...> wrote: > Maybe i'm asking the wrong question, but anyway... > > Currently, you have to run sudoshell via sudo to get the audited shell. > But, honestly, i'm not happy with that. I want an audited shell right > from the beginning, not just after the user ran sudo. > > I wonder if it's possible to modify sudoshell so that it can be declared > the user's default shell; so, when the user logs into the system, it > gets the audited shell from the first moment. > I'm not sure if that's possible with the current architecture. But i > would like to have a toy like that. ;-) > > -- > Florin Andrei > > There's nothing to be ashamed of in coming up with the obvious, > especially when nobody else is coming up with it. > > > _______________________________________________________________ > > Have big pipes? SourceForge.net is looking for download mirrors. We supply > the hardware. You get the recognition. Email Us: ban...@so... > _______________________________________________ > Sudoscript-devel mailing list > Sud...@li... > https://lists.sourceforge.net/lists/listinfo/sudoscript-devel Howard Owen "Even if you are on the right EGBOK Consultants track, you'll get run over if you hb...@eg... +1-650-339-5733 just sit there." - Will Rogers |
