1 1
Miguel

How to stop sudo PAM messages in auth.log for a specific user

Recommended Posts

Hello 

 

I´m use ARMBIAN 5.65 in OrangePi+ 2E, I have admin user to execute one custom scritp, it uses sudo to run commnads as root, but prints this messages in /var/log/auth.log every few seconds.

Dec  4 17:15:11 ORANGEZN3 sudo:     root : TTY=unknown ; PWD=/home/admin ; USER=root ; COMMAND=/usr/sbin/i2cdetect -y 0
Dec  4 17:15:11 ORANGEZN3 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec  4 17:15:11 ORANGEZN3 sudo: pam_unix(sudo:session): session closed for user root

I have same problem in my raspberry pi 3 and I can stopt this messages with de following code in /etc/pam.d/sudo file

session [success=done default=ignore] pam_succeed_if.so quiet uid = 0 user = root ruser = admin
session    required   pam_env.so readenv=1 user_readenv=0
session    required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0

But in ARMBIAN 5.65 not work. do you have any idea about this?

 

Thank you in advance

Share this post


Link to post
Share on other sites
10 hours ago, Miguel said:

I´m use ARMBIAN 5.65 in OrangePi+ 2E, I have admin user to execute one custom scritp, it uses sudo to run commnads as root, but prints this messages in /var/log/auth.log every few seconds.

 

Depends - but if this is a script that runs on a period basis, add it to root's crontab, and don't mess with sudo in the first place...

 

The root account is normally disabled on many distro's, but one can enable it by setting a secure password (sudo passwd root)

Share this post


Link to post
Share on other sites

 

17 hours ago, sfx2000 said:

 

Depends - but if this is a script that runs on a period basis, add it to root's crontab, and don't mess with sudo in the first place...

 

The root account is normally disabled on many distro's, but one can enable it by setting a secure password (sudo passwd root)

 

Thank you for your help. The script not runs on a period basis, i can not put in crontab. I know that my script not is the correct solution but I can not change it in this moment, I would like remove the messages in auth.log, I don´t understand why my solution works in rasperry pi with raspbian but not in ARMBIAN 5.65 (OrangePi+ 2E).

 

Share this post


Link to post
Share on other sites
5 hours ago, Miguel said:

I don´t understand why my solution works in rasperry pi with raspbian but not in ARMBIAN 5.65

 

Armbian is not Raspbian

 

In any event - take a look at /proc/sys/kernel/printk -- that's the settings for what kernel does with logging...

 

the man page - klogctl

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
1 1