Along side the question "Username is not in the sudoers file. This incident will be reported" that explained the programical aspects of the error and suggested some workarounds, I want to know: what does this error mean?
X is not in the sudoers file. This incident will be reported.
The former part of the error explains, clearly, the error. But the second part says that "This error will be reported"?! But why? Why the error will be reported and where? To whom? I'm both user and administrator and didn't receive any report :)!
Best Answer
The administrator(s) of a system are likely to want to know when a non-privileged user tries but fails to execute commands using
sudo. If this happens, it could be a sign ofSince
sudoby itself can not distinguish between these, failed attempts to usesudoare brought to the attention of the admins.Depending on how
sudois configured on your system, any attempt (successful or not) to usesudowill be logged. Successful attempts are logged for audit purposes (to be able to keep track of who did what when), and failed attempts for security.On a fairly vanilla Ubuntu setup that I have, this is logged in
/var/log/auth.log.If a user gives the wrong password three times, or if they are not in the
sudoersfile, an email is sent to root (depending on the configuration ofsudo, see below). This is what's meant by "this incident will be reported".The email will have a prominent subject:
The body of the message contains the relevant lines from the logfile, for example
(Here, the user
nobodytried to runlsthroughsudoas root, but failed since they were not in thesudoersfile).No email is sent if (local) mail has not been set up on the system.
All of these things are configurable as well, and that local variations in the default configuration may differ between Unix variants.
Have a look at the
mail_no_usersetting (and relatedmail_*settings) in thesudoersmanual (my emphasis below):