3

Many times I got warning/notice while accidentally tried to do some privileged action using my non-root account like below,

gulu@workpc:~$ sudo apt-get update
[sudo] password for gulu: 
gulu is not in the sudoers file.  This incident will be reported.

But when I logged into my sudoers account I never received any report of such an incident. Where are the reports reported?

How to access those? Or is it some trivial Warning message for non-sudoers?

Avinash Raj
  • 78,556
sourav c.
  • 44,715

1 Answers1

0

This reports are sent as email to the root user.

In case of above user gulu, account(which was not in the sudoers list) tries to access sudo command,so a sudoers violation message as mail was sent to the root account.

Actually those reports are sent as email to the root (root@localhost). In order to receive and read those messages you need to setup a mailserver.

To set a mail server read this answer How are administrators supposed to read root's mail?

Once you set the mailserver, you will receive those reports as mail from the user (here gulu) who is associated with such action of sudoers violation to root with subject "SECURITY information for <localhost name as in /etc/hostname>". And you will be able to read those using Thunderbird. But any incident happened before setting the mail server will not be reported.

Community
  • 1
Avinash Raj
  • 78,556
  • You did't add this account to the sudoers file,so you can't use superuser do command. – Avinash Raj Dec 01 '13 at 10:22
  • you replaced root account with the account(gulu) that was not in the sudoers file.(gulu@workpc:~$) – Avinash Raj Dec 01 '13 at 10:25
  • 1
    you have to setup a mailserver to receive local mails see this http://askubuntu.com/questions/2261/how-are-administrators-supposed-to-read-roots-mail – Avinash Raj Dec 01 '13 at 13:52
  • thanks for your answer. I got the sudoers violation message as mail from gulu to root with subject "SECURITY information" after setting the mail server. – sourav c. Dec 01 '13 at 16:25