Hi.. I defined sudoers file as # sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # User privilege specification root ALL=(ALL) ALL jim ALL=(ALL) ALL Defaults logfile=/var/log/sudolog So Jim as root access, but I found Jim can modify the log file /var/log/sudolog as well using sudo. How to prevent it from change the log file? Question 2. I saw the following article, don't you feel it is stupid configuration. If Jim need to know root password to use sudo why not let he su to root ? # Defaults specification Defaults:jim timestamp_timeout=0, runaspw, passwd_tries=1 This changes three things. First, "jim" needs root's password to run sudo (because of "runaspw"). Second, the password will not be remembered (timestamp_timeout), and he gets only one chance to enter it (the default is three tries). __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
