Sudo – “User is Not in the Sudoers File”, How to Read Incident Reports

Many times I have gotten a warning/notice when I accidentally tried to do some privileged action using my non-root account, like below:

gulu@workpc:~$ sudo apt-get update
[sudo] password for gulu: 
gulu is not in the sudoers file.  This incident will be reported.

But when I logged into my sudoers account I never received any report of such an incident. Where are the reports reported?

How can I access those? Or is it just a trivial warning message for non-sudoers?

Best Answer

These reports are sent as email to the root user.

In the case of the above user gulu, the account (which was not in the sudoers list) tried to use the sudo command, so a sudoers violation message was sent as mail to the root account.

Actually, those reports are sent as email to root (root@localhost). In order to receive and read those messages, you need to set up a mail server.

To set up a mail server, read this answer: How are administrators supposed to read root's mail?

Once you set up the mail server, you will receive those reports as mail to root from the user (here gulu) who is associated with the sudoers violation, with the subject "SECURITY information for <localhost name as in /etc/hostname>". You will be able to read those using Thunderbird. But any incident that happened before setting up the mail server will not be reported.
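
An added example, not part of the original answer: besides mailing root, sudo also records each of these incidents through syslog, which on Ubuntu is written to /var/log/auth.log, so they can be reviewed without a mail server. The function names, hostnames and log lines below are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise "user NOT in sudoers" incidents from sudo syslog records.
# Reads log lines on stdin; prints "user<TAB>count<TAB>command", sorted.

sudoers_incidents() {
  awk '
    # Record: "<ts> <host> sudo[pid]: <user> : <reason> ; TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
    match($0, / sudo(\[[0-9]+\])?:[ \t]*/) {
      rec = substr($0, RSTART + RLENGTH)      # drop timestamp, host and tag
      split(rec, f, / ; /)                    # f[1] is "<user> : <reason>"
      # Only accept the denial as the reason field. A permitted command whose
      # arguments contain the same phrase (an admin grepping the log) is skipped.
      if (f[1] !~ /^[^ :]+ : user NOT in sudoers$/) next
      user = f[1]; sub(/ :.*/, "", user)
      cmd = "(unknown)"
      if (match(rec, /COMMAND=/)) cmd = substr(rec, RSTART + 8)
      count[user "\t" cmd]++
    }
    END { for (k in count) { split(k, p, "\t"); printf "%s\t%d\t%s\n", p[1], count[k], p[2] } }
  ' | LC_ALL=C sort
}

# Constructed sample input in the auth.log layout (not real log data).
sample_log() {
  cat <<'EOF'
Mar  3 10:15:01 workpc sudo:     gulu : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/gulu ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 10:15:09 workpc sudo:     gulu : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/gulu ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 10:20:44 workpc sudo[2211]:    admin : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/grep user NOT in sudoers /var/log/auth.log
Mar  3 10:31:12 workpc sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:32:00 workpc sshd[900]: Accepted password for gulu from 192.0.2.10 port 50000 ssh2
EOF
}

sample_log | sudoers_incidents
# On a real Ubuntu host (reading the log needs root or the adm group):
#   sudoers_incidents < /var/log/auth.log
```
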
