Bug 496 – log_input problem

Bug 496 - log_input problem


Summary:	log_input problem

Status:	RESOLVED INVALID

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.1
Hardware:	HP HP-UX

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2011-05-25 14:44 MDT by Michael
Modified:	2011-05-25 16:11 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael 2011-05-25 14:44:05 MDT

Running HP-UX 11.31
Sudo 1.8.1p1

I added to /etc/sudoers file the following line:
Defaults log_input

A user who has been added to the sudoers file and runs the following commands:

#sudo ls
#date
#man rm

in the log located at /var/adm/sudo-io/../../.. it only records the ls command and not the commands following it. Does sudo only log commands run with the sudo prefix in the command?

The manual says for log_input: "If set, sudo will run the command in a pseudo tty and log all user input". I was under the impression the pseudo tty would also capture the commands following the initial duso ls command. Is it possible I have it misconfigured? Or is it not a function of sudo to do what I have described?

Thanks

Comment 1 Todd C. Miller 2011-05-25 14:58:30 MDT

Sudo can only log input for the commands run via sudo.  So, for

# sudo ls
# date
# man rm

you will only see input from the "sudo ls" since the pseudo-tty is allocated, the command (ls) is run, and after the command terminates, the pseudo-tty is closed.

However, if the user does:

$ sudo ksh
# ls
# date
# man rm
# exit

the input of all the commands between "sudo ksh" and "exit" would be logged.

Comment 2 Michael 2011-05-25 15:55:34 MDT

Thank you for the quick reply.
This issue is now clear to me.