You are not logged in.

Pages: 1

Topic closed

#1 2012-09-13 01:21:51

Pacopag
Member
Registered: 2011-05-29
Posts: 287

[SOLVED] Not in the sudoers file. Incident reported...where?

Hi.  I just tried a sudo command while logged in as a user that is not on the list.  I got a message saying

"username is not in the sudoers file.  This incident will be reported".

I'm just wondering WHERE this incident will be reported.  Is there some log file maybe?

Thanks.

Last edited by Pacopag (2012-09-14 14:17:44)

Offline

#2 2012-09-13 01:39:18

tylerstrayhan
Member
Registered: 2012-04-16
Posts: 29

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

Pacopag wrote:

Hi.  I just tried a sudo command while logged in as a user that is not on the list.  I got a message saying

"username is not in the sudoers file.  This incident will be reported".

I'm just wondering WHERE this incident will be reported.  Is there some log file maybe?

Thanks.

If you want to add yourself into the sudoers so that you can use the sudo command, you can use the TTY and login as root. While as root open the file /etc/sudoers with your text editor (like nano) and this line:

USER_NAME   ALL=(ALL) ALL

Where USER_NAME is the username of the account you want to allow to have access to the sudo command.

Offline

#3 2012-09-13 01:48:57

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

By default, I think it writes a report about unauthorized users to syslog (or can, if it's enabled in syslog.conf).  I'm not sure about journalctl.  I've always just ignored it, since I'm the only user on this PC.

Linux != Windows  ::  Ask Questions the Smart Way  ::  Configs

Offline

#4 2012-09-13 02:25:32

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,140

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

Maybe auth.log? Not sure though.

CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#5 2012-09-13 02:35:43

alexanderthegre
Member
Registered: 2012-07-29
Posts: 66

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

Last I checked, it sent mail to root, checkable via the 'mail' command.

Offline

#6 2012-09-13 03:38:40

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,356

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

Reminds me of http://xkcd.com/838/

I never really bothered to find out, just assumed it got logged by syslog. Sending mail to root makes sense as well, if that has been configured on your system (most single-user systems wouldn't).

Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#7 2012-09-13 20:45:48

ixnine
Member
Registered: 2008-11-01
Posts: 60

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

You could check in auth.log (or journalctl if you're running systemd)

Offline

#8 2012-09-14 14:04:17

Pacopag
Member
Registered: 2011-05-29
Posts: 287

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

Thanks for your replies.  I checked all the places everyone mentioned, except journalctl because I couldn't figure out how.  I only found a binary with that name, which I ran as root and it returned nothing.

The only place I found anything was in auth.log, just a couple of lines about the user not being a sudoer.  Thanks to all.  My curiosity is sated.

Offline

#9 2012-09-14 14:15:57

bernarcher
Forum Fellow
From: Germany
Registered: 2009-02-17
Posts: 2,281

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

Yes, auth.log is the place to check regularly for incidents like this. Additionally it is (should be) possible to get informed by mail.
Please don't forget to mark this thread as [SOLVED].

To know or not to know ...
... the questions remain forever.

Offline

#10 2014-03-25 01:52:29

rh995
Member
Registered: 2012-03-09
Posts: 76

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

tylerstrayhan wrote:
Pacopag wrote:

Hi.  I just tried a sudo command while logged in as a user that is not on the list.  I got a message saying

"username is not in the sudoers file.  This incident will be reported".

I'm just wondering WHERE this incident will be reported.  Is there some log file maybe?

Thanks.

If you want to add yourself into the sudoers so that you can use the sudo command, you can use the TTY and login as root. While as root open the file /etc/sudoers with your text editor (like nano) and this line:

USER_NAME   ALL=(ALL) ALL

Where USER_NAME is the username of the account you want to allow to have access to the sudo command.

Ack, I'm really sorry for bumping such an old thread and all that, but please, please, please never do what this person suggests.  Never edit /etc/sudoers with a standard text editor.  Always use visudo to edit the sudoers file, or you could be in serious trouble.

Offline

#11 2014-03-25 02:08:25

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] Not in the sudoers file. Incident reported...where?

rh995 Final warning: next time you disregard the Forum Etiquette, you can expect a vacation.


Closing

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

Pages: 1

Topic closed

Board footer

Powered by FluxBB