Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: change io logging directory sudo 1.7.4p6
Top Forums UNIX for Advanced & Expert Users change io logging directory sudo 1.7.4p6 Post 302525387 by DGPickett on Thursday 26th of May 2011 01:39:59 PM
Old 05-26-2011
There's always sym-links! Smilie
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Logging all commands after a sudo su-

Hi there, It might seem tricky, I confess. We use sudo to allow people to initiate priviledged commands (but not all commands) on our Unix systems. To by pass this, some people initiate the sudo su - command ; The main issue is to 'know' what those people do when they gain root access.... (4 Replies)
Discussion started by: linuxmtl
4 Replies

2. UNIX for Dummies Questions & Answers

sudo logging + NFS hang?

Hi all, I have two problems, My system is SunOS 5.9: 1- I have installed sudo but I have a problem logging user activities on other hosts, the way I installed it is that I installed sudo and the sudoers file in a shared directory on a NFS server which is mounted by all computers on the... (1 Reply)
Discussion started by: neked
1 Replies

3. UNIX for Advanced & Expert Users

What change in freeBSD OS to allow root logging using ssh?

Hi everybody, ] I would like to ask just simpe and short question. I am using freeBSD 6.0 and Debian Sarge. From Debian console I can log as root using ssh to bsd mashine but not vice versa. When I say in bsd console su I got sorry output, it does not allow me to su to root when I am logged... (5 Replies)
Discussion started by: 100days
5 Replies

4. HP-UX

sudo or su logging

Jul 14 08:02:40 servera sshd: Accepted keyboard-interactive/pam for someuser from x.x.x.x port 1406 ssh2 Jul 14 08:02:48 servera su: - 1 someuser-root Jul 14 08:03:03 servera sudo: someuser : TTY=pts/1 ; PWD=/home/someuser ; USER=root ; COMMAND=/usr/bin/su - Jul 14 08:03:03 servera su: + 1... (3 Replies)
Discussion started by: Ikon
3 Replies

5. Solaris

How to change pwd during logging on ftp server?

Dear All, Could I change password while login in to ftp server(solaris 10)? I tried to use fileZilla and command prompt(window) to change my password but It can't. Do you have any suggestion ? Ps. I can't telnet and ssh to the server because of poicy for ftpuser. Thank in advance (3 Replies)
Discussion started by: unitipon
3 Replies

6. Shell Programming and Scripting

sudo on directory

Hello, I have a directory with 45 kshell scripts . I would like to grant sudo to specific account on this DIRECTORY and not on each and every files. Is it possible ? (note: I have the same scripts and directory both on linux redhat + hpux) Best Regards (1 Reply)
Discussion started by: yoavbe
1 Replies

7. Solaris

Sudo logging need year details also

Hi All I have a requirement in which during sudo logging, I must get the year details also in sudo log file. As below output is not mentioning the year due to this I will not able to idenfiy that this log belong to 2012 or 2011 or 2010 Dec 12 11:30:21 XYZ sudo: user1 : TTY=pts/5 ;... (4 Replies)
Discussion started by: sb200
4 Replies

8. Shell Programming and Scripting

Tar file with logging and directory via parameter

Hi all, I am fairly new to shell scripting and I am trying the following: My shell script creates a tar file with files with the ending ~. The directory - where the files and sub directories are located - comes as a parameter when I call the script. Files that are archived will be written in... (1 Reply)
Discussion started by: neg42
1 Replies

LEARN ABOUT CENTOS

pam_ssh_agent_auth

pam_ssh_agent_auth(8)							PAM						     pam_ssh_agent_auth(8)

PAM_SSH_AGENT_AUTH
       This module provides authentication via ssh-agent.  If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
       the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.

SUMMARY

       /etc/pam.d/sudo: auth	sufficient     pam_ssh_agent_auth.so file=/etc/security/authorized_keys
       /etc/sudoers:
	    Defaults	env_keep += "SSH_AUTH_SOCK"

       This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
       /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
       either be local, or forwarded.

       Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.

ARGUMENTS

       file=<path to authorized_keys>
	   Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)

       allow_user_owned_authorized_keys_file
	   A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
	   whenever the expansions %h or ~ are used.

       debug
	   A flag which enables verbose logging

       sudo_service_name=<service name you compiled sudo to use>
	   (when compiled with --enable-sudo-hack)

	   Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
	   is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.

	   This defaults to "sudo".

EXPANSIONS

       ~  -- same as in shells, a user's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
	   to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file

       %h -- User's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file

       %H -- The short-hostname
       %u -- Username
       %f -- FQDN

EXAMPLES

       in /etc/pam.d/sudo

       "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
	   The default .ssh/authorized_keys file in a user's home-directory

       "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
	   Same as above.

       "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
	   If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys.  In this case, we have not
	   specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys.	In this case, we specified
	   allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys.	In this case, we
	   have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.

v0.8								    2009-08-09						     pam_ssh_agent_auth(8)
All times are GMT -4. The time now is 04:37 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy