18

I have a server set-up and I let somebody that I trust with a little bit of sudo access have it. However, I also want an email anytime that they use sudo.

I know that I can use Defaults mail_always to get an email anytime ANYONE tries to use sudo, but I have a cron-job for OwnCloud that runs every 30 minutes and requires a sudo -u www-data at the beginning of it. Obviously, I don't want an email every 30-minutes.

How can I always get an email just for 1 specific user?

ankit7540
  • 4,195

1 Answers1

23

After some experimentation, I found the answer. To set options such as mail_always or root_pw for specific users, you can add a line like this to your sudoers file after opening with visudo:

Defaults:USER_NAME mail_always

Just make sure that this line is inserted near the top, where the other Defaults options are. In addition, if you want to specify the recipient of the emails:

Defaults mailto="youremail@domain.tld"
  • 1
    also, ensure your host is actually able to send email (: – DopeGhoti May 09 '16 at 03:14
  • I don't see how this helps you - sudo /bin/bash will be tracked, but commands passed to the root bash won't be. Similarly, sudo vi foo, followed by :!rm /etc/passwd will not be logged. Reread man sudoers. You can set up sudo so that it will allow a single command, without a password. – waltinator May 09 '16 at 12:22
  • 5
    @Waltinator I know how to set-up sudo for single commands, or just a few commands. I've already done that. I just also wanted an email anytime one of those commands was used with sudo by that specific user. This solved my problem by achieving exactly what my question asked. –  May 09 '16 at 15:13
  • i put sudo in front of everything all the time. sudo sensors, sudo free, sudo pwd, sudo cd, I want the computer to know who's boss, you know? – Rabbit May 26 '20 at 15:30