Hi Prashant, By allowing a user to run any command you open up the potential for them to either su to root or run a shell as root. Either way sudo will no longer be invoked if they do that and you won't have sudo logs of what actions took place. A couple of things you can do. Specify what commands they can run via sudo (e.g. /sbin/ifconfig, /bin/rm, ...) so that each command gets logged. Or install something like sudosh and allow them to run that command. This essentially writes out their shell history to a filed based upon their uid and timestamp. Hope this helps. Cheers, Harry Prashant Singh <prash4321@xxxxxxxxxxx> wrote: >Dear All, > >What is the best way to give root priviliges and also log thier activity logs. What I did was I have created a user added to group assigned admin rights to the group using entry:- > >%group_name ALL = ALL ALL > >It works but first time it asks password and it also logs that and after that it dose'nt ask for password and works without giving sudo command > >In the next senario it asks for sudo before any command and logs it without sudo asking for password > >I need to work it like it asks for password first time with sudo <Command> and then dont need sudo to be added before a command and also logs it. > >we use mostly Fedora 15 and CentOS 6.0 up versions on servers. > > > >Thanks & Regards >Prashant Singh Genda >-- >redhat-list mailing list >unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
