check_mailq, nrpe, and root perms on client
Marc Powell
marc at ena.com
Mon Jun 15 21:59:03 CEST 2009
On Jun 15, 2009, at 2:02 PM, Kevin Freels wrote:
> I've done my research on seeing if sudo can be set to not log certain
> commands/users/groups, but haven't found anything. I think that's
> because sudo was never meant to be ignored when a command is run; you
> *want* to be notified if someone runs a root comand as a mortal user.
Not particularly. IMHO, you've given them permission to run the
command; isn't that good enough? That's why most of the mail_* options
are to notify you of exceptions to that.
> It's unwieldable to set up mail filters to filter out those messages,
> since, as I said, sudo's purpose it to inform. Add that you'd need
> to do
> this every time a new client is added, and it's simply not an elegant
> solution.
>
> Obviously, someone wrote check_mailq and it was included in the
> distributions, so it must have worked at one point in time (or there
> was
> a workaround to get it to work).
It is working and there's no workaround needed in standard installs.
The choice made in your specific sudo configuration (mail_always =
yes), isn't the norm IMHO so you're seeing different behavior. There
may not be a workaround that isn't unwieldy (filters and the like) or
that potentially compromises your security (suid, etc).
--
Marc
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list