- This is a
securelogging change of behavior between Red Hat Enterprise Linux 5 and 6.
- It has been noted that one can run any/all commands through
sudo, even after one has done
sudo -sand gotten to a
root shell. In other words, even after one is in a
rootshell, prefixing commands with
sudoto log the actual user, command and timestamp to
- However under RHEL5 such a log entry would show
sudo: realuser ... USER=root, while under RHEL6 it records
sudo: root ... USER=root, thereby disguising the actual user.
- What has changed between RHEL5 and 6 for
securelogging ? Can one make RHEL6 do the same as RHEL5 far as this goes?
- Is this some kind of environment handling issue, or
- Red Hat Enterprise Linux 6.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.