Bugzilla – Bug 792
Add LOG_PID to openlog calls so that sudo includes PID in syslog messages
Last modified: 2017-08-24 05:49:43 MDT
Created attachment 496 [details] Add LOG_PID to openlog calls I would find it useful if syslogs generated by sudo included the PID. This would help when analyzing logs from a busy server where there are multiple messages per sudo, such as when pam_unix logs session opened / session closed messages. Attached is a trivial patch to pass LOG_PID on openlog. It gives my desired behavior: Jul 20 16:52:35 foo sudo[31629]: apache : TTY=unknown ; PWD=/var/bar/cgi ; USER=yada ; GROUP=yada ; COMMAND=/var/bar/cgi/baz.cgi Jul 20 16:52:35 foo sudo[31629]: pam_unix(sudo:session): session opened for user yada by (uid=0) Jul 20 16:52:36 foo sudo[31629]: pam_unix(sudo:session): session closed for user yada _But_, I do not suggest it's actually ready for inclusion yet; this change shouldn't happen by surprise, as it changes a ~20+ year established behavior and would break existing regexes. I think the thing to do is probably to introduce a sudo.conf option, defaulting to off, that enables this. Then first distributions, and then individual sysadmins, can decide if/when they want the new behavior. I did not implement that yet though, wanted to get feedback on the idea first. Would you accept this change; does a sudo.conf knob sound like the right approach? Thanks!
Created attachment 497 [details] Patch to add syslog_pid sudoers option.
I agree, I've made the following commit: https://www.sudo.ws/repos/sudo/rev/f4dc29b0052c and attached a diff relative to sudo 1.8.20
Awesome, thank you!
Sudo 1.8.21 is out now and contains the syslog_pid option.