SU privileges and sudo logging
From: David Zarnoch (David.Zarnoch_at_BISYS.COM)
Date: 06/24/04
Date: Thu, 24 Jun 2004 10:13:44 -0500
To: aix-l@Princeton.EDU
Thanks to all!
I'm awaiting a decision from the Security department
on which method to use.
In the meantime, I went ahead and downloaded and compiled sudo.
It works fine except for the logging
I followed some instructions that I found on the net
#touch /var/log/sudo.log
Included the following line in syslog.conf:
local2.* /var/log/sudo
(I also tried local2.debug)
Also, the two values are separated by a "tab".
I then tried "refresh -s syslogd" but the logging still doesn't work.
I'm running AIX 5.2
Any help?
Thanks!
Dave Zarnoch
david.zarnoch@bisys.com
>>> janfrode@PARALLAB.UIB.NO 06/24/04 08:10AM >>>
On Thu, Jun 24, 2004 at 06:49:06AM -0500, David Zarnoch wrote:
>
> How would I set up a group to allow SU privileges?
To limit that only specific users are allowed to use the 'su' command?
Then adding these users to group=security and changing the permissions
on /usr/bin/su should do the trick:
% ls -ld /usr/bin/su
-r-sr-xr-x 1 root security 18980 Apr 30 2003 /usr/bin/su
% chmod 4550 /usr/bin/su
-r-sr-x--- 1 root security 18980 Apr 30 2003 /usr/bin/su
> Could I create a group "rootprvl" or would I need to use "sudo"?
If you want to give a group of users the possibility to run 'su -
$username' without needing to know the password of $username, then I
think 'sudo' is the best solution.
-jf
(awaiting a flood of vacation messages from misconfigured vacation
programs from the users on this list)
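
The logging setup described in the message above, as an added example that is not part of the original post or of sudo itself: AIX syslogd does not create its log files, and the message touches /var/log/sudo.log while the syslog.conf line names /var/log/sudo. The function names, the ROOT argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report syslog.conf file destinations that do not exist.
# AIX syslogd does not create log files, so a rule whose destination is
# missing logs nothing even after "refresh -s syslogd".

# missing_syslog_targets CONF [ROOT]
#   ROOT is a hypothetical prefix for checking a constructed tree;
#   leave it empty on a live system.
# Prints "selector<TAB>destination" per missing file; returns 1 if any.
missing_syslog_targets() {
    conf=$1
    root=${2:-}
    status=0
    # Third field and beyond (e.g. AIX rotate options) are ignored.
    while read -r selector dest _rest || [ -n "$selector" ]; do
        case $selector in
            ''|'#'*) continue ;;   # blank line or comment
        esac
        case $dest in
            /*) ;;                 # absolute path: file or device
            *)  continue ;;        # @host, user names or "*": not a file
        esac
        if [ ! -e "$root$dest" ]; then
            printf '%s\t%s\n' "$selector" "$dest"
            status=1
        fi
    done < "$conf"
    return "$status"
}

# Constructed sample reproducing the setup in the post: sudo.log was
# touched, but the syslog.conf rule names /var/log/sudo.
demo_from_post() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/var/log"
    : > "$tmp/var/log/sudo.log"
    printf 'local2.debug\t/var/log/sudo\n' > "$tmp/syslog.conf"
    missing_syslog_targets "$tmp/syslog.conf" "$tmp"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo_from_post || echo "rule above points at a file that does not exist"
```

On a live system the check is `missing_syslog_targets /etc/syslog.conf`; any line it prints names a destination that has to be created before syslogd is refreshed.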