Along side the question "Username is not in the sudoers file. This incident will be reported" that explained the programical aspects of the error and suggested some workarounds, I want to know: what does this error mean?
X is not in the sudoers file. This incident will be reported.
The former part of the error explains, clearly, the error. But the second part says that "This error will be reported"?! But why? Why the error will be reported and where? To whom? I'm both user and administrator and didn't receive any report :)!
Best Answer
The administrator(s) of a system are likely to want to know when a non-privileged user tries but fails to execute commands using
sudo
. If this happens, it could be a sign ofSince
sudo
by itself can not distinguish between these, failed attempts to usesudo
are brought to the attention of the admins.Depending on how
sudo
is configured on your system, any attempt (successful or not) to usesudo
will be logged. Successful attempts are logged for audit purposes (to be able to keep track of who did what when), and failed attempts for security.On a fairly vanilla Ubuntu setup that I have, this is logged in
/var/log/auth.log
.If a user gives the wrong password three times, or if they are not in the
sudoers
file, an email is sent to root (depending on the configuration ofsudo
, see below). This is what's meant by "this incident will be reported".The email will have a prominent subject:
The body of the message contains the relevant lines from the logfile, for example
(Here, the user
nobody
tried to runls
throughsudo
as root, but failed since they were not in thesudoers
file).No email is sent if (local) mail has not been set up on the system.
All of these things are configurable as well, and that local variations in the default configuration may differ between Unix variants.
Have a look at the
mail_no_user
setting (and relatedmail_*
settings) in thesudoers
manual (my emphasis below):