17

I have a server set-up and I let somebody that I trust with a little bit of sudo access have it. However, I also want an email anytime that they use sudo.

I know that I can use Defaults mail_always to get an email anytime ANYONE tries to use sudo, but I have a cron-job for OwnCloud that runs every 30 minutes and requires a sudo -u www-data at the beginning of it. Obviously, I don't want an email every 30-minutes.

How can I always get an email just for 1 specific user?

ankit7540
  • 4,145
  • 1
  • 25
  • 41

1 Answers1

23

After some experimentation, I found the answer. To set options such as mail_always or root_pw for specific users, you can add a line like this to your sudoers file after opening with visudo:

Defaults:USER_NAME mail_always

Just make sure that this line is inserted near the top, where the other Defaults options are. In addition, if you want to specify the recipient of the emails:

Defaults mailto="youremail@domain.tld"
  • 1
    also, ensure your host is actually able to send email (: – DopeGhoti May 09 '16 at 03:14
  • I don't see how this helps you - `sudo /bin/bash` will be tracked, but commands passed to the `root` `bash` won't be. Similarly, `sudo vi foo`, followed by `:!rm /etc/passwd` will not be logged. Reread `man sudoers`. You can set up sudo so that it will allow a single command, without a password. – waltinator May 09 '16 at 12:22
  • 5
    @Waltinator I know how to set-up `sudo` for single commands, or just a few commands. I've already done that. I just also wanted an email anytime one of those commands was used with `sudo` by that specific user. This solved my problem by achieving exactly what my question asked. –  May 09 '16 at 15:13
  • i put sudo in front of everything all the time. sudo sensors, sudo free, sudo pwd, sudo cd, I want the computer to know who's boss, you know? – Rabbit May 26 '20 at 15:30