Summary: sudo equivalents

From: Duncan Webbe <dwebbe_at_davidjones.com.au>
Date: Tue, 21 Apr 1998 10:50:25 +1000 (EST)

The original question was:

> >I am wanting to know whether a DU equivalent of HP-UX's qsu utility
> >exists, or whether there are any other sudo equivalents available.
> >I don't like having the users do an sudo ksh which circumvents the command
> >logging process; all I have for reference then is the .sh_history
> >file - if it's still there !

Unfortunately, I conveyed the incorrect desire in that we would like some
users to be able to do an sudo ksh - we just want their commands to
continue to be logged.

Replies came in from Marie-Claude Vialatte, Antonia Gomez, Kurt Carlson,
John Hergert and William Magill - thank you very much.

Based on the question, it was fair enough that the main suggestion was to
disallow sudo users from executing any shells, i.e. using visudo to edit the
sudoers file and putting in the following entry:

Cmnd_Alias SHELLS=/sbin/ksh, /sbin/sh, /sbin/csh
.
.
USERS ALL=(ALL) ALL, !SHELLS


However, because I personally want users to be able to use the
korn shell, one reasonable suggestion was to selectively enable logging
which should provide a pid tree allowing us to track who did what.

One group member mentioned using dop; however, Digital have recommended
this not be used as it is undergoing substantial revamping. Additionally,
there appears to be very little information on it and it doesn't sound
like it gets around the command logging problem experienced with sudo ksh.


Duncan Webbe
Unix Systems Administrator
David Jones Ltd. (Australia)
Received on Tue Apr 21 1998 - 02:55:34 NZST
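
Added example, not part of the original post: a small audit that flags sudoers rules of the "ALL, !SHELLS" form quoted in the message, since the sudoers manual itself notes that subtracting commands from ALL with `!` is generally not an effective restriction. The sample file contents and the function name `audit` are constructed for illustration, and only single-line `Cmnd_Alias` and user entries are handled.

```python
import re

# Constructed sample; the first and third lines mirror the entry quoted above.
SAMPLE = """\
Cmnd_Alias SHELLS=/sbin/ksh, /sbin/sh, /sbin/csh
Cmnd_Alias BACKUP=/sbin/dump, /sbin/restore
USERS ALL=(ALL) ALL, !SHELLS
OPERATORS ALL=(root) BACKUP
dwebbe ALL=(ALL) NOPASSWD: ALL
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias")

def audit(text):
    """Return (who, excluded_commands) for each rule that grants ALL minus something."""
    # Join backslash-continued lines before splitting.
    lines = [l.strip() for l in re.sub(r"\\\n", " ", text).splitlines()]
    aliases, findings = {}, []
    # First pass: collect command aliases so negated names can be expanded.
    for line in lines:
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    # Second pass: inspect user entries.
    for line in lines:
        if not line or line.startswith(SKIP) or ALIAS_RE.match(line):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        # Drop tags such as NOPASSWD: before looking at each command.
        cmds = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip())
                for c in m.group(2).split(",")]
        negated = [c[1:].strip() for c in cmds if c.startswith("!")]
        if "ALL" in cmds and negated:
            excluded = sorted(p for n in negated for p in aliases.get(n, [n]))
            findings.append((m.group(1), excluded))
    return findings

if __name__ == "__main__":
    for who, excluded in audit(SAMPLE):
        print(f"{who}: grants ALL and only subtracts {', '.join(excluded)}")
```

Entries that grant plain ALL (such as the constructed `dwebbe` line) are not reported, because the check targets only the exclusion-list pattern.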
