Skip Menu |
 

To: <krb5-bugs@mit.edu>
From: Pat Riehecky <riehecky@fnal.gov>
Subject: When using .k5users, commands are not logged
Date: Mon, 12 Oct 2015 11:02:42 -0500
I'm looking to switch from sudo to .k5users, but the logging is reduced
by comparison.

For example:
sudo: riehecky : TTY=pts/2 ; PWD=/home/riehecky ; USER=root ;
COMMAND=/bin/ls -a
vs
ksu[15242]: pam_unix(ksu:session): session opened for user root by
riehecky(uid=1000)

Can the logging be increased so that the command and its arguments is
logged?

Pat

--
Pat Riehecky
Scientific Linux developer

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
The commit for this issue will fix logging when a non-root user tries
to ksu with a command and authorization fails. The context for that
change in scope is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1270927
From: ghudson@mit.edu
Subject: git commit

Log when non-root ksu authorization fails

If non-root user attempts to ksu but is denied by policy, log to
syslog at LOG_WARNING in keeping with other failure messages.

https://github.com/krb5/krb5/commit/6cfa5c113e981f14f70ccafa20abfa5c46b665ba
Author: Robbie Harwood <rharwood@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 6cfa5c113e981f14f70ccafa20abfa5c46b665ba
Branch: master
src/clients/ksu/main.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)