These reports are sent as email to the root user.
In the case of the above user gulu, the account (which was not in the sudoers list) tried to access the sudo command, so a sudoers violation message was sent as mail to the root account.
Actually those reports are sent as email to root (root@localhost). In order to receive and read those messages you need to set up a mail server.
To set up a mail server, read this answer: How are administrators supposed to read root's mail?
Once you set up the mail server, you will receive those reports as mail to root from the user (here gulu) who is associated with the sudoers violation, with the subject "SECURITY information for <localhost name as in /etc/hostname>". You will then be able to read them using Thunderbird. But any incident that happened before setting up the mail server will not be reported.
… what's the difference in security …?
In terms of the authentication and filesystem permissions, honestly, not much. We can wax lyrical about policykit and sudoers but these are just technicalities. Windows has had equivalent mechanisms for well over a decade.
The core difference was in default settings. A normal, just-bought-a-computer Windows user would have full system write access. No prompts. No UAC. Even though XP could be locked down, its users were indoctrinated into just being able to do stuff, permissions be damned.
Microsoft has —despite constant resistance from veteran users— improved on this over time.
But the important thing is that users are still, statistically speaking, idiots. If they want something (a repo for a graphics driver, a batch of screensavers, or even dripping wet Warhammer figurines) they're probably going to click the closest thing to Okay! Just install it! until they have what they want.
A few years ago I wrote how Linux isn't invulnerable. Exactly the same applies to Windows, even today.
Don't get me wrong, Ubuntu still has a lot on its side:
- Open source is the big one. You can view almost all the code running on your system (except binary blob drivers and firmwares).
- Ubuntu also has its repositories which are maintained by trusted developers. These make a lot of software available in a safe environment without users needing to go fishing.
- The same mechanism provides system-wide security updates. For non-core software, Windows relies on applications updating themselves.
- Mechanisms like AppArmor and SELinux to sandbox applications, limiting what they can touch.
- A smaller user-base has traditionally meant we're a less juicy target for malware creators.
These are all things that can be sidestepped... 0-Day exploits still affect us and a targeted attack on a user or demographic is just as likely to succeed if everything else is equal.
Best Answer
Use pkexec instead. If the current user doesn't have privileges, or if there are multiple users who can authorize an action, it will prompt you to select the user.
pkexec, of course, does not follow the sudo configuration, but its own. However, if you added admin users by adding them to the sudo group, they will also be granted Polkit admin rights by Ubuntu's default configuration.
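Because pkexec and sudo read separate configurations, an audit can compare who each one treats as an administrator. The following is an added example, not part of the original answer: it assumes polkit's localauthority format (an `AdminIdentities` line under `[Configuration]`), handles only sudoers rules that begin with a user name or `%group`, and resolves groups through the member field of group entries. All sample data and the function names are constructed for illustration.

```python
import configparser

# Constructed sample inputs, not read from a real system.
POLKIT_CONF = "[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin\n"
SUDOERS = """\
Defaults env_reset
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) /usr/bin/systemctl restart app
"""
GROUP = "sudo:x:27:alice,bob\nadmin:x:110:carol\ndeploy:x:1002:\n"

def polkit_identities(conf_text):
    """Return {("user"|"group", name)} from an AdminIdentities line."""
    cfg = configparser.ConfigParser(delimiters=("=",))
    cfg.read_string(conf_text)
    raw = cfg.get("Configuration", "AdminIdentities", fallback="")
    out = set()
    for ident in raw.split(";"):
        kind, _, name = ident.strip().partition(":")
        if kind in ("unix-user", "unix-group") and name:
            out.add((kind[len("unix-"):], name))
    return out

def sudoers_identities(sudoers_text):
    """Return users and %groups that start a rule (includes/aliases not followed)."""
    out = set()
    for line in sudoers_text.splitlines():
        fields = line.split()
        head = fields[0] if fields else "#"
        if head.startswith(("#", "@", "Defaults")) or head.endswith("_Alias"):
            continue
        out.add(("group", head[1:]) if head.startswith("%") else ("user", head))
    return out

def expand(identities, group_text):
    """Resolve identities to user names via the member field of group entries."""
    members = {}
    for line in group_text.splitlines():
        name, _pw, _gid, users = line.split(":")
        members[name] = {u for u in users.split(",") if u}
    names = set()
    for kind, name in identities:
        names |= {name} if kind == "user" else members.get(name, set())
    return names

def privilege_drift(conf_text, sudoers_text, group_text):
    """Users who can authorise through one mechanism but not the other."""
    polkit = expand(polkit_identities(conf_text), group_text)
    sudo = expand(sudoers_identities(sudoers_text), group_text)
    return {"polkit_only": sorted(polkit - sudo), "sudo_only": sorted(sudo - polkit)}
```

Accounts reported under `polkit_only` can authorise pkexec actions without appearing in any sudoers rule, so they are the ones a sudo-only review would miss.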