details from the log_input and log_output descriptions to it.
For more information on configuring sudo.conf(4), please refer to its
manual.
- A\bAu\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn a\ban\bnd\bd l\blo\bog\bgg\bgi\bin\bng\bg
+ U\bUs\bse\ber\br A\bAu\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn
The s\bsu\bud\bdo\boe\ber\brs\bs security policy requires that most users authenticate
themselves before they can use s\bsu\bud\bdo\bo. A password is not required if the
invoking user is root, if the target user is the same as the invoking
record for each tty, which means that a user's login sessions are
authenticated separately. The _\bt_\bt_\by_\b__\bt_\bi_\bc_\bk_\be_\bt_\bs option can be disabled to
force the use of a single time stamp for all of a user's sessions.
+
+ L\bLo\bog\bgg\bgi\bin\bng\bg
s\bsu\bud\bdo\boe\ber\brs\bs can log both successful and unsuccessful attempts (as well as
errors) to syslog(3), a log file, or both. By default, s\bsu\bud\bdo\boe\ber\brs\bs will log
via syslog(3) but this is changeable via the _\bs_\by_\bs_\bl_\bo_\bg and _\bl_\bo_\bg_\bf_\bi_\bl_\be Defaults
- settings.
+ settings. See _\bL_\bO_\bG _\bF_\bO_\bR_\bM_\bA_\bT for a description of the log file format.
- _\bs_\bu_\bd_\bo_\be_\br_\bs also supports logging a command's input and output streams. I/O
- logging is not on by default but can be enabled using the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt and
- _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt Defaults flags as well as the LOG_INPUT and LOG_OUTPUT command
- tags.
+ s\bsu\bud\bdo\boe\ber\brs\bs is also capable of running a command in a pseudo-tty and logging
+ all input and/or output. The standard input, standard output and
+ standard error can be logged even when not associated with a terminal.
+ I/O logging is not on by default but can be enabled using the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt
+ and _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt options as well as the LOG_INPUT and LOG_OUTPUT command
+ tags. See _\bI_\b/_\bO _\bL_\bO_\bG _\bF_\bI_\bL_\bE_\bS for details on how I/O log files are stored.
C\bCo\bom\bmm\bma\ban\bnd\bd e\ben\bnv\bvi\bir\bro\bon\bnm\bme\ben\bnt\bt
Since environment variables can influence program behavior, s\bsu\bud\bdo\boe\ber\brs\bs
connected to the user's tty, due to I/O redirection or
because the command is part of a pipeline, that input
is also captured and stored in a separate log file.
+ For more information, see the _\bI_\b/_\bO _\bL_\bO_\bG _\bF_\bI_\bL_\bE_\bS section.
This flag is _\bo_\bf_\bf by default.
- Input is logged to the directory specified by the
- _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br option (_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo by default) using a
- unique session ID that is included in the normal s\bsu\bud\bdo\bo
- log line, prefixed with ``TSID=''. The _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
- option may be used to control the format of the session
- ID. Input from the user's tty is logged to the _\bt_\bt_\by_\bi_\bn
- file. Input from a pipe or file is logged to the _\bs_\bt_\bd_\bi_\bn
- file. These files are in gzip (compressed) format
- unless the _\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\b__\bi_\bo option has been disabled. Due
- to buffering, the I/O log data will not be complete
- until the s\bsu\bud\bdo\bo command has completed.
-
- Note that user input may contain sensitive information
- such as passwords (even if they are not echoed to the
- screen), which will be stored in the log file
- unencrypted. In most cases, logging the command output
- via _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt is all that is required.
-
log_output If set, s\bsu\bud\bdo\bo will run the command in a pseudo-tty and
log all output that is sent to the screen, similar to
- the script(1) command. If the standard output or
- standard error is not connected to the user's tty, due
- to I/O redirection or because the command is part of a
- pipeline, that output is also captured and stored in
- separate log files. This flag is _\bo_\bf_\bf by default.
-
- Output is logged to the directory specified by the
- _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br option (_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo by default) using a
- unique session ID that is included in the normal s\bsu\bud\bdo\bo
- log line, prefixed with ``TSID=''. The _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
- option may be used to control the format of the session
- ID. Output from the pseudo-tty is logged to the _\bt_\bt_\by_\bo_\bu_\bt
- file. Output to a pipe or redirected to a file is
- logged to the either the _\bs_\bt_\bd_\bo_\bu_\bt or _\bs_\bt_\bd_\be_\br_\br files. These
- files are in gzip (compressed) format unless the
- _\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\b__\bi_\bo option has been disabled. Due to
- buffering, the I/O log data will not be complete until
- the s\bsu\bud\bdo\bo command has completed.
-
- Output logs may be viewed with the sudoreplay(1m)
- utility, which can also be used to list or search the
- available logs.
+ the script(1) command. For more information, see the
+ _\bI_\b/_\bO _\bL_\bO_\bG _\bF_\bI_\bL_\bE_\bS section. This flag is _\bo_\bf_\bf by default.
log_year If set, the four-digit year will be logged in the (non-
syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
The group provider plugin API is described in detail in sudo_plugin(1m).
L\bLO\bOG\bG F\bFO\bOR\bRM\bMA\bAT\bT
- s\bsu\bud\bdo\boe\ber\brs\bs can log events using either syslog(3) or a simple log file. In
- each case the log format is almost identical.
+ s\bsu\bud\bdo\boe\ber\brs\bs can log events using either syslog(3) or a simple log file. The
+ log format is almost identical in both cases.
A\bAc\bcc\bce\bep\bpt\bte\bed\bd c\bco\bom\bmm\bma\ban\bnd\bd l\blo\bog\bg e\ben\bnt\btr\bri\bie\bes\bs
Commands that sudo runs are logged using the following format (split into
_\bl_\bo_\bg_\bl_\bi_\bn_\be_\bl_\be_\bn option is set to 0 (or negated with a `!'), word wrap
will be disabled.
+I\bI/\b/O\bO L\bLO\bOG\bG F\bFI\bIL\bLE\bES\bS
+ When I/O logging is enabled, s\bsu\bud\bdo\bo will run the command in a pseudo-tty
+ and log all user input and/or output. I/O is logged to the directory
+ specified by the _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br option (_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo by default) using a
+ unique session ID that is included in the s\bsu\bud\bdo\bo log line, prefixed with
+ ``TSID=''. The _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be option may be used to control the format of
+ the session ID.
+
+ Each I/O log is stored in a separate directory that contains the
+ following files:
+
+ _\bl_\bo_\bg a text file containing the time the command was run, the name
+ of the user who ran s\bsu\bud\bdo\bo, the name of the target user, the name
+ of the target group (optional), the terminal that s\bsu\bud\bdo\bo was run
+ from, the number of rows and columns of the terminal, the
+ working directory the command was run from and the path name of
+ the command itself (with arguments if present)
+
+ _\bt_\bi_\bm_\bi_\bn_\bg a log of the amount of time between, and the number of bytes
+ in, each I/O log entry (used for session playback)
+
+ _\bt_\bt_\by_\bi_\bn input from the user's tty (what the user types)
+
+ _\bs_\bt_\bd_\bi_\bn input from a pipe or file
+
+ _\bt_\bt_\by_\bo_\bu_\bt output from the pseudo-tty (what the command writes to the
+ screen)
+
+ _\bs_\bt_\bd_\bo_\bu_\bt standard output to a pipe or redirected to a file
+
+ _\bs_\bt_\bd_\be_\br_\br standard error to a pipe or redirected to a file
+
+ All files other than _\bl_\bo_\bg are compressed in gzip format unless the
+ _\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\b__\bi_\bo option has been disabled. Due to buffering, the I/O log data
+ will not be complete until the s\bsu\bud\bdo\bo command has completed. The output
+ portion of an I/O log file can be viewed with the sudoreplay(1m) utility,
+ which can also be used to list or search the available logs.
+
+ Note that user input may contain sensitive information such as passwords
+ (even if they are not echoed to the screen), which will be stored in the
+ log file unencrypted. In most cases, logging the command output via
+ _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt or LOG_OUTPUT is all that is required.
+
+ Since each session's I/O logs are stored in a separate directory,
+ traditional log rotation utilities cannot be used to limit the number of
+ I/O logs. The simplest way to limit the number of I/O is by setting the
+ _\bm_\ba_\bx_\bs_\be_\bq option to the maximum number of logs you wish to store. Once the
+ I/O log sequence number reaches _\bm_\ba_\bx_\bs_\be_\bq, it will be reset to zero and
+ s\bsu\bud\bdo\boe\ber\brs\bs will truncate and re-use any existing I/O logs.
+
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf Sudo front end configuration
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.16 January 12, 2016 Sudo 1.8.16
+Sudo 1.8.16 January 16, 2016 Sudo 1.8.16
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "January 12, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "January 16, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
For more information on configuring
sudo.conf(@mansectform@),
please refer to its manual.
-.SS "Authentication and logging"
+.SS "User Authentication"
The
\fBsudoers\fR
security policy requires that most users authenticate
\fItty_tickets\fR
option can be disabled to force the use of a
single time stamp for all of a user's sessions.
+.SS "Logging"
\fBsudoers\fR
can log both successful and unsuccessful attempts (as well
as errors) to
and
\fIlogfile\fR
Defaults settings.
+See
+\fILOG FORMAT\fR
+for a description of the log file format.
.PP
-\fIsudoers\fR
-also supports logging a command's input and output
-streams.
+\fBsudoers\fR
+is also capable of running a command in a pseudo-tty and logging all
+input and/or output.
+The standard input, standard output and standard error can be logged
+even when not associated with a terminal.
I/O logging is not on by default but can be enabled using
the
\fIlog_input\fR
and
\fIlog_output\fR
-Defaults flags as well as the
+options as well as the
\fRLOG_INPUT\fR
and
\fRLOG_OUTPUT\fR
command tags.
+See
+\fII/O LOG FILES\fR
+for details on how I/O log files are stored.
.SS "Command environment"
Since environment variables can influence program behavior,
\fBsudoers\fR
If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that
input is also captured and stored in a separate log file.
+For more information, see the
+\fII/O LOG FILES\fR
+section.
This flag is
\fIoff\fR
by default.
-.sp
-Input is logged to the directory specified by the
-\fIiolog_dir\fR
-option
-(\fI@iolog_dir@\fR
-by default)
-using a unique session ID that is included in the normal
-\fBsudo\fR
-log line, prefixed with
-\(Lq\fRTSID=\fR\(Rq.
-The
-\fIiolog_file\fR
-option may be used to control the format of the session ID.
-Input from the user's tty is logged to the
-\fIttyin\fR
-file.
-Input from a pipe or file is logged to the
-\fIstdin\fR
-file.
-These files are in gzip (compressed) format unless the
-\fIcompress_io\fR
-option has been disabled.
-Due to buffering, the I/O log data will not be complete until the
-\fBsudo\fR
-command has completed.
-.sp
-Note that user input may contain sensitive information such as
-passwords (even if they are not echoed to the screen), which will
-be stored in the log file unencrypted.
-In most cases, logging the command output via
-\fIlog_output\fR
-is all that is required.
.TP 18n
log_output
If set,
to the screen, similar to the
script(1)
command.
-If the standard output or standard error is not connected to the
-user's tty, due to I/O redirection or because the command is part
-of a pipeline, that output is also captured and stored in separate
-log files.
+For more information, see the
+\fII/O LOG FILES\fR
+section.
This flag is
\fIoff\fR
by default.
-.sp
-Output is logged to the directory specified by the
-\fIiolog_dir\fR
-option
-(\fI@iolog_dir@\fR
-by default)
-using a unique session ID that is included in the normal
-\fBsudo\fR
-log line, prefixed with
-\(Lq\fRTSID=\fR\(Rq.
-The
-\fIiolog_file\fR
-option may be used to control the format of the session ID.
-Output from the pseudo-tty is logged to the
-\fIttyout\fR
-file.
-Output to a pipe or redirected to a file is logged to the either the
-\fIstdout\fR
-or
-\fIstderr\fR
-files.
-These files are in gzip (compressed) format unless the
-\fIcompress_io\fR
-option has been disabled.
-Due to buffering, the I/O log data will not be complete until the
-\fBsudo\fR
-command has completed.
-.sp
-Output logs may be viewed with the
-sudoreplay(@mansectsu@)
-utility, which can also be used to list or search the available logs.
.TP 18n
log_year
If set, the four-digit year will be logged in the (non-syslog)
can log events using either
syslog(3)
or a simple log file.
-In each case the log format is almost identical.
+The log format is almost identical in both cases.
.SS "Accepted command log entries"
Commands that sudo runs are logged using the following format (split
into multiple lines for readability):
option is set to 0 (or negated with a
\(oq\&!\(cq),
word wrap will be disabled.
+.SH "I/O LOG FILES"
+When I/O logging is enabled,
+\fBsudo\fR
+will run the command in a pseudo-tty and log all user input and/or output.
+I/O is logged to the directory specified by the
+\fIiolog_dir\fR
+option
+(\fI@iolog_dir@\fR
+by default)
+using a unique session ID that is included in the
+\fBsudo\fR
+log line, prefixed with
+\(Lq\fRTSID=\fR\(Rq.
+The
+\fIiolog_file\fR
+option may be used to control the format of the session ID.
+.PP
+Each I/O log is stored in a separate directory that contains the
+following files:
+.TP 10n
+\fIlog\fR
+a text file containing the time the command was run, the name of the user
+who ran
+\fBsudo\fR,
+the name of the target user, the name of the target group (optional),
+the terminal that
+\fBsudo\fR
+was run from, the number of rows and columns of the terminal,
+the working directory the command was run from and the path name of
+the command itself (with arguments if present)
+.TP 10n
+\fItiming\fR
+a log of the amount of time between, and the number of bytes in, each
+I/O log entry (used for session playback)
+.TP 10n
+\fIttyin\fR
+input from the user's tty (what the user types)
+.TP 10n
+\fIstdin\fR
+input from a pipe or file
+.TP 10n
+\fIttyout\fR
+output from the pseudo-tty (what the command writes to the screen)
+.TP 10n
+\fIstdout\fR
+standard output to a pipe or redirected to a file
+.TP 10n
+\fIstderr\fR
+standard error to a pipe or redirected to a file
+.PP
+All files other than
+\fIlog\fR
+are compressed in gzip format unless the
+\fIcompress_io\fR
+option has been disabled.
+Due to buffering, the I/O log data will not be complete until the
+\fBsudo\fR
+command has completed.
+The output portion of an I/O log file can be viewed with the
+sudoreplay(@mansectsu@)
+utility, which can also be used to list or search the available logs.
+.PP
+Note that user input may contain sensitive information such as
+passwords (even if they are not echoed to the screen), which will
+be stored in the log file unencrypted.
+In most cases, logging the command output via
+\fIlog_output\fR
+or
+\fRLOG_OUTPUT\fR
+is all that is required.
+.PP
+Since each session's I/O logs are stored in a separate directory,
+traditional log rotation utilities cannot be used to limit the
+number of I/O logs.
+The simplest way to limit the number of I/O is by setting the
+\fImaxseq\fR
+option to the maximum number of logs you wish to store.
+Once the I/O log sequence number reaches
+\fImaxseq\fR,
+it will be reset to zero and
+\fBsudoers\fR
+will truncate and re-use any existing I/O logs.
.SH "FILES"
.TP 26n
\fI@sysconfdir@/sudo.conf\fR
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd January 12, 2016
+.Dd January 16, 2016
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
For more information on configuring
.Xr sudo.conf @mansectform@ ,
please refer to its manual.
-.Ss Authentication and logging
+.Ss User Authentication
The
.Nm sudoers
security policy requires that most users authenticate
.Em tty_tickets
option can be disabled to force the use of a
single time stamp for all of a user's sessions.
+.Ss Logging
.Nm sudoers
can log both successful and unsuccessful attempts (as well
as errors) to
and
.Em logfile
Defaults settings.
+See
+.Sx "LOG FORMAT"
+for a description of the log file format.
.Pp
-.Em sudoers
-also supports logging a command's input and output
-streams.
+.Nm sudoers
+is also capable of running a command in a pseudo-tty and logging all
+input and/or output.
+The standard input, standard output and standard error can be logged
+even when not associated with a terminal.
I/O logging is not on by default but can be enabled using
the
.Em log_input
and
.Em log_output
-Defaults flags as well as the
+options as well as the
.Li LOG_INPUT
and
.Li LOG_OUTPUT
command tags.
+See
+.Sx "I/O LOG FILES"
+for details on how I/O log files are stored.
.Ss Command environment
Since environment variables can influence program behavior,
.Nm sudoers
If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that
input is also captured and stored in a separate log file.
+For more information, see the
+.Sx "I/O LOG FILES"
+section.
This flag is
.Em off
by default.
-.Pp
-Input is logged to the directory specified by the
-.Em iolog_dir
-option
-.Po
-.Pa @iolog_dir@
-by default
-.Pc
-using a unique session ID that is included in the normal
-.Nm sudo
-log line, prefixed with
-.Dq Li TSID= .
-The
-.Em iolog_file
-option may be used to control the format of the session ID.
-Input from the user's tty is logged to the
-.Pa ttyin
-file.
-Input from a pipe or file is logged to the
-.Pa stdin
-file.
-These files are in gzip (compressed) format unless the
-.Em compress_io
-option has been disabled.
-Due to buffering, the I/O log data will not be complete until the
-.Nm sudo
-command has completed.
-.Pp
-Note that user input may contain sensitive information such as
-passwords (even if they are not echoed to the screen), which will
-be stored in the log file unencrypted.
-In most cases, logging the command output via
-.Em log_output
-is all that is required.
.It log_output
If set,
.Nm sudo
to the screen, similar to the
.Xr script 1
command.
-If the standard output or standard error is not connected to the
-user's tty, due to I/O redirection or because the command is part
-of a pipeline, that output is also captured and stored in separate
-log files.
+For more information, see the
+.Sx "I/O LOG FILES"
+section.
This flag is
.Em off
by default.
-.Pp
-Output is logged to the directory specified by the
-.Em iolog_dir
-option
-.Po
-.Pa @iolog_dir@
-by default
-.Pc
-using a unique session ID that is included in the normal
-.Nm sudo
-log line, prefixed with
-.Dq Li TSID= .
-The
-.Em iolog_file
-option may be used to control the format of the session ID.
-Output from the pseudo-tty is logged to the
-.Pa ttyout
-file.
-Output to a pipe or redirected to a file is logged to the either the
-.Pa stdout
-or
-.Pa stderr
-files.
-These files are in gzip (compressed) format unless the
-.Em compress_io
-option has been disabled.
-Due to buffering, the I/O log data will not be complete until the
-.Nm sudo
-command has completed.
-.Pp
-Output logs may be viewed with the
-.Xr sudoreplay @mansectsu@
-utility, which can also be used to list or search the available logs.
.It log_year
If set, the four-digit year will be logged in the (non-syslog)
.Nm sudo
can log events using either
.Xr syslog 3
or a simple log file.
-In each case the log format is almost identical.
+The log format is almost identical in both cases.
.Ss Accepted command log entries
Commands that sudo runs are logged using the following format (split
into multiple lines for readability):
.Ql \&! ) ,
word wrap will be disabled.
.El
+.Sh I/O LOG FILES
+When I/O logging is enabled,
+.Nm sudo
+will run the command in a pseudo-tty and log all user input and/or output.
+I/O is logged to the directory specified by the
+.Em iolog_dir
+option
+.Po
+.Pa @iolog_dir@
+by default
+.Pc
+using a unique session ID that is included in the
+.Nm sudo
+log line, prefixed with
+.Dq Li TSID= .
+The
+.Em iolog_file
+option may be used to control the format of the session ID.
+.Pp
+Each I/O log is stored in a separate directory that contains the
+following files:
+.Bl -tag -width 8n
+.It Pa log
+a text file containing the time the command was run, the name of the user
+who ran
+.Nm sudo ,
+the name of the target user, the name of the target group (optional),
+the terminal that
+.Nm sudo
+was run from, the number of rows and columns of the terminal,
+the working directory the command was run from and the path name of
+the command itself (with arguments if present)
+.It Pa timing
+a log of the amount of time between, and the number of bytes in, each
+I/O log entry (used for session playback)
+.It Pa ttyin
+input from the user's tty (what the user types)
+.It Pa stdin
+input from a pipe or file
+.It Pa ttyout
+output from the pseudo-tty (what the command writes to the screen)
+.It Pa stdout
+standard output to a pipe or redirected to a file
+.It Pa stderr
+standard error to a pipe or redirected to a file
+.El
+.Pp
+All files other than
+.Pa log
+are compressed in gzip format unless the
+.Em compress_io
+option has been disabled.
+Due to buffering, the I/O log data will not be complete until the
+.Nm sudo
+command has completed.
+The output portion of an I/O log file can be viewed with the
+.Xr sudoreplay @mansectsu@
+utility, which can also be used to list or search the available logs.
+.Pp
+Note that user input may contain sensitive information such as
+passwords (even if they are not echoed to the screen), which will
+be stored in the log file unencrypted.
+In most cases, logging the command output via
+.Em log_output
+or
+.Li LOG_OUTPUT
+is all that is required.
+.Pp
+Since each session's I/O logs are stored in a separate directory,
+traditional log rotation utilities cannot be used to limit the
+number of I/O logs.
+The simplest way to limit the number of I/O is by setting the
+.Em maxseq
+option to the maximum number of logs you wish to store.
+Once the I/O log sequence number reaches
+.Em maxseq ,
+it will be reset to zero and
+.Nm
+will truncate and re-use any existing I/O logs.
.Sh FILES
.Bl -tag -width 24n
.It Pa @sysconfdir@/sudo.conf
projects / sudo / commitdiff