[gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

If I have logged in through sudo such as $ sudo su, when I then use man
pages, they are covered in "ESC".  This does not occur when using normal
user accounts or the root account through su.  Wondering what is going
on.  Thanks.

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Dan Cowsill]

On Sat, Feb 27, 2010 at 10:57 PM, ubiquitous1980 <nixuser1980@gmail.com> wrote:
> If I have logged in through sudo such as $ sudo su, when I then use man
> pages, they are covered in "ESC".  This does not occur when using normal
> user accounts or the root account through su.  Wondering what is going
> on.  Thanks.
>
>

Kind of curious about this myself.  It has just been a minor annoyance
to me for the last couple of years, but it seems to show up only when
logged onto root.

[gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[Nikos Chantziaras]

On 02/28/2010 05:57 AM, ubiquitous1980 wrote:
> If I have logged in through sudo such as $ sudo su, when I then use man
> pages, they are covered in "ESC".  This does not occur when using normal
> user accounts or the root account through su.  Wondering what is going
> on.  Thanks.

Some ENV variables are unset by sudo.

But anyway, "sudo su" makes zero sense :P

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

Dan Cowsill wrote:
> On Sat, Feb 27, 2010 at 10:57 PM, ubiquitous1980 <nixuser1980@gmail.com> wrote:
>   
>> If I have logged in through sudo such as $ sudo su, when I then use man
>> pages, they are covered in "ESC".  This does not occur when using normal
>> user accounts or the root account through su.  Wondering what is going
>> on.  Thanks.
>>
>>
>>     
>
> Kind of curious about this myself.  It has just been a minor annoyance
> to me for the last couple of years, but it seems to show up only when
> logged onto root.
>
>   
Wondering if it is a bug??? Perhaps a USE flag...who knows as yet...

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

Nikos Chantziaras wrote:
> On 02/28/2010 05:57 AM, ubiquitous1980 wrote:
>> If I have logged in through sudo such as $ sudo su, when I then use man
>> pages, they are covered in "ESC".  This does not occur when using normal
>> user accounts or the root account through su.  Wondering what is going
>> on.  Thanks.
>
> Some ENV variables are unset by sudo.
>
> But anyway, "sudo su" makes zero sense :P
>
>
sudo su makes sense if you want to use the root account while having the
root account locked.  Some, like Ubuntu, do it for security reasons. 
Not sure if they are valid, but I thought I would put this little
problem out there for someone to make comment on.

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[Dale]

chrome://messenger/locale/messengercompose/composeMsgs.properties:
> Nikos Chantziaras wrote:
>    
>> On 02/28/2010 05:57 AM, ubiquitous1980 wrote:
>>      
>>> If I have logged in through sudo such as $ sudo su, when I then use man
>>> pages, they are covered in "ESC".  This does not occur when using normal
>>> user accounts or the root account through su.  Wondering what is going
>>> on.  Thanks.
>>>        
>> Some ENV variables are unset by sudo.
>>
>> But anyway, "sudo su" makes zero sense :P
>>
>>
>>      
> sudo su makes sense if you want to use the root account while having the
> root account locked.  Some, like Ubuntu, do it for security reasons.
> Not sure if they are valid, but I thought I would put this little
> problem out there for someone to make comment on.
>
>    

I don't use sudo or su but I have seen this a time or two.  I have no 
clue why tho.  It was a while ago but I was in a console at the time.  I 
usually use a Konsole within KDE.  I don't recall ever seeing this 
problem there.

I was curious but never thought is would be more than just me that saw this.

Dale

:-)  :-)

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Dan Johansson]

On Sunday 28 February 2010 04.57:36 ubiquitous1980 wrote:
> If I have logged in through sudo such as $ sudo su, when I then use man
> pages, they are covered in "ESC".  This does not occur when using normal
> user accounts or the root account through su.  Wondering what is going
> on.  Thanks.
And I have the exact opposite on one of my rigs. Viewing man pages as a normal 
user and it get cluttered with ESC..., but view the same page after doing a 
'sudo su -' everything is OK.
-- 
Dan Johansson, <http://www.dmj.nu>
***************************************************
This message is printed on 100% recycled electrons!
***************************************************

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[pk]

ubiquitous1980 wrote:
> If I have logged in through sudo such as $ sudo su, when I then use man
> pages, they are covered in "ESC".  This does not occur when using normal
> user accounts or the root account through su.  Wondering what is going
> on.  Thanks.

Q: Have you tried "... su -" (the dash is important since it will read
the environment for root login otherwise the environment will be the
same as for current user).

http://lists.debian.org/debian-security/2006/07/msg00059.html

Best regards

Peter K

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 629 bytes --]

On Sun, 28 Feb 2010 13:06:43 +0800, ubiquitous1980 wrote:

> > Some ENV variables are unset by sudo.

You can alter that behaviour in /etc/sudoers. I have

Defaults:%wheel !env_reset

and don't see this.

> > But anyway, "sudo su" makes zero sense :P

> sudo su makes sense if you want to use the root account while having the
> root account locked.

The root account is hardly locked if you can log into it with sudo su
(or sudo screen) but sudo -s or sudo -i make more sense in this
situation.


-- 
Neil Bothwick

Politicians are like nappies
Both should be changed regularly, and for the same reason

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

Neil Bothwick wrote:
> On Sun, 28 Feb 2010 13:06:43 +0800, ubiquitous1980 wrote:
>
>   
>>> Some ENV variables are unset by sudo.
>>>       
>
> You can alter that behaviour in /etc/sudoers. I have
>
> Defaults:%wheel !env_reset
>
> and don't see this.
>
>   
>>> But anyway, "sudo su" makes zero sense :P
>>>       
>
>   
>> sudo su makes sense if you want to use the root account while having the
>> root account locked.
>>     
>
> The root account is hardly locked if you can log into it with sudo su
> (or sudo screen) but sudo -s or sudo -i make more sense in this
> situation.
>
>
>   
localhost ubiquitous1980 # passwd -l root
Password changed.
localhost ubiquitous1980 # exit
exit
ubiquitous1980@localhost ~ $ su
Password:
su: Authentication failure
ubiquitous1980@localhost ~ $ sudo su
Password:
Your account has expired; please contact your system administrator
su: User account has expired
(Ignored)
localhost ubiquitous1980 #

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

pk wrote:
> ubiquitous1980 wrote:
>   
>> If I have logged in through sudo such as $ sudo su, when I then use man
>> pages, they are covered in "ESC".  This does not occur when using normal
>> user accounts or the root account through su.  Wondering what is going
>> on.  Thanks.
>>     
>
> Q: Have you tried "... su -" (the dash is important since it will read
> the environment for root login otherwise the environment will be the
> same as for current user).
>
> http://lists.debian.org/debian-security/2006/07/msg00059.html
>
> Best regards
>
> Peter K
>
>   
With "sudo su - " the man pages do not have ESC throughout.  I have
learned sudo su from my ubuntu days and I am only guessing that this is
bad practice and that the correct command is $ sudo su -

Thanks

Damien

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[pk]

ubiquitous1980 wrote:

>> http://lists.debian.org/debian-security/2006/07/msg00059.html

> With "sudo su - " the man pages do not have ESC throughout.  I have
> learned sudo su from my ubuntu days and I am only guessing that this is
> bad practice and that the correct command is $ sudo su -

No need to guess. Messing with superuser privileges without a proper
superuser environment (paths etc.) is considered bad from a security
point of view; for instance, an malicious application could be installed
in your user home dir, prepend the path to this to your local user $PATH
and whenever you do "su" (without -) you could invoke this app with
superuser privileges...
So to summarize: The link above (debian.org) explains it quite well and
yes, I would say it's a bad habit to omit -. :-)

Best regards

Peter K

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

pk wrote:
> ubiquitous1980 wrote:
>
>   
>>> http://lists.debian.org/debian-security/2006/07/msg00059.html
>>>       
>
>   
>> With "sudo su - " the man pages do not have ESC throughout.  I have
>> learned sudo su from my ubuntu days and I am only guessing that this is
>> bad practice and that the correct command is $ sudo su -
>>     
>
> No need to guess. Messing with superuser privileges without a proper
> superuser environment (paths etc.) is considered bad from a security
> point of view; for instance, an malicious application could be installed
> in your user home dir, prepend the path to this to your local user $PATH
> and whenever you do "su" (without -) you could invoke this app with
> superuser privileges...
> So to summarize: The link above (debian.org) explains it quite well and
> yes, I would say it's a bad habit to omit -. :-)
>
> Best regards
>
> Peter K
>
>   
Thanks for your explanation and I will remember this lesson.]

Thanks,

Damien

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

pk wrote:
> ubiquitous1980 wrote:
>
>   
>>> http://lists.debian.org/debian-security/2006/07/msg00059.html
>>>       
>
>   
>> With "sudo su - " the man pages do not have ESC throughout.  I have
>> learned sudo su from my ubuntu days and I am only guessing that this is
>> bad practice and that the correct command is $ sudo su -
>>     
>
> No need to guess. Messing with superuser privileges without a proper
> superuser environment (paths etc.) is considered bad from a security
> point of view; for instance, an malicious application could be installed
> in your user home dir, prepend the path to this to your local user $PATH
> and whenever you do "su" (without -) you could invoke this app with
> superuser privileges...
> So to summarize: The link above (debian.org) explains it quite well and
> yes, I would say it's a bad habit to omit -. :-)
>
> Best regards
>
> Peter K
>
>   
Investigated this further...

With su, PATH=/sbin:/bin:/usr/sbin:/usr/bin

With sudo su, PATH=/sbin:/bin:/usr/sbin:/usr/bin

With sudo su -,
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.3.4:/usr/lib64/subversion/bin

This final PATH is the same as my user's account.  I thought that this
would be the other way around, and that with $ sudo su - I would expect
the normal root path as to prevent a malicious program settinga  path
and allowing execution without identifying its specific location at the CLI.

Perhaps I am confused.

Thanks

Damien

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 759 bytes --]

On Sun, 28 Feb 2010 18:48:56 +0800, ubiquitous1980 wrote:

> > The root account is hardly locked if you can log into it with sudo su
> > (or sudo screen) but sudo -s or sudo -i make more sense in this
> > situation.

> localhost ubiquitous1980 # passwd -l root
> Password changed.
> localhost ubiquitous1980 # exit
> exit
> ubiquitous1980@localhost ~ $ su
> Password:
> su: Authentication failure
> ubiquitous1980@localhost ~ $ sudo su
> Password:
> Your account has expired; please contact your system administrator
> su: User account has expired
> (Ignored)
> localhost ubiquitous1980 #

What's your point?


-- 
Neil Bothwick

Windoze95 Quote: Why is the Pentium 166 so fast? - Its for booting
faster, if Windows crashed again.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[ubiquitous1980]

Neil Bothwick wrote:
> On Sun, 28 Feb 2010 18:48:56 +0800, ubiquitous1980 wrote:
>
>   
>>> The root account is hardly locked if you can log into it with sudo su
>>> (or sudo screen) but sudo -s or sudo -i make more sense in this
>>> situation.
>>>       
>
>   
>> localhost ubiquitous1980 # passwd -l root
>> Password changed.
>> localhost ubiquitous1980 # exit
>> exit
>> ubiquitous1980@localhost ~ $ su
>> Password:
>> su: Authentication failure
>> ubiquitous1980@localhost ~ $ sudo su
>> Password:
>> Your account has expired; please contact your system administrator
>> su: User account has expired
>> (Ignored)
>> localhost ubiquitous1980 #
>>     
>
> What's your point?
>
>
>   
That you stated that the root account was hardly locked if I can sudo su
into it.  If you take me as truthful, then you can see that I have done
exactly that: locked the account and sudo su'ed into it.  I think you
already knew that was possible, so I am countering the semantics of the
issue.

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 672 bytes --]

On Sun, 28 Feb 2010 22:03:36 +0800, ubiquitous1980 wrote:

> That you stated that the root account was hardly locked if I can sudo su
> into it.  If you take me as truthful, then you can see that I have done
> exactly that: locked the account and sudo su'ed into it.  I think you
> already knew that was possible, so I am countering the semantics of the
> issue.

My point was that if you can get into it, it is not truly locked. You
have prevented one means of accessing it, but not totally locked it.

Anyway, sudo -i/s is a cleaner way of opening a root session IMO.


-- 
Neil Bothwick

Nothing is illegal if one hundred businessmen decide to do it.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[walt]

On 02/27/2010 08:32 PM, Dan Cowsill wrote:
> On Sat, Feb 27, 2010 at 10:57 PM, ubiquitous1980<nixuser1980@gmail.com>  wrote:
>> If I have logged in through sudo such as $ sudo su, when I then use man
>> pages, they are covered in "ESC".  This does not occur when using normal
>> user accounts or the root account through su.  Wondering what is going
>> on.  Thanks.
>>
>>
>
> Kind of curious about this myself.  It has just been a minor annoyance
> to me for the last couple of years, but it seems to show up only when
> logged onto root.

There are several environment variables that affect the output of man,
e.g. PAGER, LESS, LESSCOLOR, LESSOPEN, LESSIGNORE, the contents of
~/.lessfilter and probably other things I can't remember.

Any of those might be different for root.

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[stosss]

On Sun, Feb 28, 2010 at 7:28 AM, pk <peterk2@coolmail.se> wrote:
> ubiquitous1980 wrote:
>
>>> http://lists.debian.org/debian-security/2006/07/msg00059.html
>
>> With "sudo su - " the man pages do not have ESC throughout.  I have
>> learned sudo su from my ubuntu days and I am only guessing that this is
>> bad practice and that the correct command is $ sudo su -
>
> No need to guess. Messing with superuser privileges without a proper
> superuser environment (paths etc.) is considered bad from a security
> point of view; for instance, an malicious application could be installed
> in your user home dir, prepend the path to this to your local user $PATH
> and whenever you do "su" (without -) you could invoke this app with
> superuser privileges...
> So to summarize: The link above (debian.org) explains it quite well and
> yes, I would say it's a bad habit to omit -. :-)

7 years ago a veteran Linux user taught me to always use su - for the
very reason you stated.

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[William Hubbs]

[-- Attachment #1: Type: text/plain, Size: 1304 bytes --]

On Sun, Feb 28, 2010 at 03:56:13PM -0500, stosss wrote:
> On Sun, Feb 28, 2010 at 7:28 AM, pk <peterk2@coolmail.se> wrote:
> > ubiquitous1980 wrote:
> >
> >>> http://lists.debian.org/debian-security/2006/07/msg00059.html
> >
> >> With "sudo su - " the man pages do not have ESC throughout. ?I have
> >> learned sudo su from my ubuntu days and I am only guessing that this is
> >> bad practice and that the correct command is $ sudo su -
> >
> > No need to guess. Messing with superuser privileges without a proper
> > superuser environment (paths etc.) is considered bad from a security
> > point of view; for instance, an malicious application could be installed
> > in your user home dir, prepend the path to this to your local user $PATH
> > and whenever you do "su" (without -) you could invoke this app with
> > superuser privileges...
> > So to summarize: The link above (debian.org) explains it quite well and
> > yes, I would say it's a bad habit to omit -. :-)
> 
> 7 years ago a veteran Linux user taught me to always use su - for the
> very reason you stated.
 
 Actually, you are safe with either "su -" (without sudo) or "sudo -i".
 "sudo su -" is chaining "su -" on top of sudo, and is redundant because
 "sudo -i" and "su -" do the same thing afaik.

 William


[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.

[Alan McKinnon]

On Sunday 28 February 2010 07:06:43 ubiquitous1980 wrote:
> Nikos Chantziaras wrote:
> > On 02/28/2010 05:57 AM, ubiquitous1980 wrote:
> >> If I have logged in through sudo such as $ sudo su, when I then use man
> >> pages, they are covered in "ESC".  This does not occur when using normal
> >> user accounts or the root account through su.  Wondering what is going
> >> on.  Thanks.
> > 
> > Some ENV variables are unset by sudo.
> > 
> > But anyway, "sudo su" makes zero sense :P
> 
> sudo su makes sense if you want to use the root account while having the
> root account locked.  Some, like Ubuntu, do it for security reasons.
> Not sure if they are valid, but I thought I would put this little
> problem out there for someone to make comment on.

I use "sudo su" a lot,a nd make it available to other root users on my 
servers. It all makes perfect sense it the context of:

1. The password for the root account is secret. Changing it is a real ball-
ache, something not undertaken lightly.
2. The password is know to very very few persons, and ideally would be kept in 
a locked safe needing signed CTO approval to open it.
3. I have a provisioning system that deploys user, their keys and password 
hashes.
4. The person running "sudo su" is authorized to do so, so he gets root. 
There's an audit trail too as not just anyone can get to my remote sysloggers.
5. When someone leaves, in the old days we had to manually change 100+ root 
passwords, and of course always forget at least one. Now I run one command on 
my user provisioning system and within 30 minutes that person's access is 
gone, and I can guarantee a) it's gone everywhere b) there are no back doors
6. Not all OSes out there support sudo -i

So in the context of multi-admin servers, sudo su (or sudo -i if you will) 
make perfect sense, and su far less so.


-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Alan McKinnon]

On Sunday 28 February 2010 23:27:57 William Hubbs wrote:
> > 7 years ago a veteran Linux user taught me to always use su - for the
> > very reason you stated.
> 
>  
>  Actually, you are safe with either "su -" (without sudo) or "sudo -i".
>  "sudo su -" is chaining "su -" on top of sudo, and is redundant because
>  "sudo -i" and "su -" do the same thing afaik.

"sudo su" and "su" have a fundamental difference, vital in corporate networks:

The former uses the user's password for authentication and sudoers for 
authorization. The latter uses knowledge of the root password for 
authorization and authentication. See my other post in this thread.

On the work servers I enforce "sudo su"

OTOH, "sudo su" is indeed pretty pointless on a single-user machine. I never 
bother with sudo on this gentoo notebook for instance.

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[William Hubbs]

[-- Attachment #1: Type: text/plain, Size: 869 bytes --]

On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote:
> "sudo su" and "su" have a fundamental difference, vital in corporate networks:
> 
> The former uses the user's password for authentication and sudoers for 
> authorization. The latter uses knowledge of the root password for 
> authorization and authentication. See my other post in this thread.
 
 Actually, what you just said about "sudo su" applies only to "sudo".
 When you run "sudo su", what you are doing is running sudo then
 authenticating to it, and running su, as root, after you authenticate
 to sudo.

> On the work servers I enforce "sudo su"
 
 Actually, you could just have people use "sudo -i" or "sudo -s" if they
 want a shell with root access.  If they want to run a program with root
 privileges and the root environment, they can use "sudo -i command".

William


[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Alan McKinnon]

On Monday 01 March 2010 00:57:17 William Hubbs wrote:
> On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote:
> > "sudo su" and "su" have a fundamental difference, vital in corporate
> > networks:
> > 
> > The former uses the user's password for authentication and sudoers for
> > authorization. The latter uses knowledge of the root password for
> > authorization and authentication. See my other post in this thread.
> 
>  Actually, what you just said about "sudo su" applies only to "sudo".
>  When you run "sudo su", what you are doing is running sudo then
>  authenticating to it, and running su, as root, after you authenticate
>  to sudo.

You misunderstand my intent. To get root via sudo, you authenticate using the 
user's Unix account. The emphasis here is on what sudo does, not the intricate 
subtleties of what it does with the subsequent su, or any other variation of 
the same.

I don't want to start a pointless semantic argument on this, just realize it's 
all about sudo and the following "su" is a mere example (other things could 
have sufficed, I used that one)


> 
> > On the work servers I enforce "sudo su"
> 
>  Actually, you could just have people use "sudo -i" or "sudo -s" if they
>  want a shell with root access.  If they want to run a program with root
>  privileges and the root environment, they can use "sudo -i command".
> 
> William


Don't read my post as literally meaning they must type the 7 characters "sudo 
su". Read it more as "use any feature of sudo you feel like to get a root 
shell, but you must use sudo. As opposed to using su alone".
-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 663 bytes --]

On Mon, 1 Mar 2010 01:07:21 +0200, Alan McKinnon wrote:

> Don't read my post as literally meaning they must type the 7 characters
> "sudo su". Read it more as "use any feature of sudo you feel like to
> get a root shell, but you must use sudo. As opposed to using su alone".

The problem with this in your situation is that you only get a log entry
when the user switches to root, not for whatever they do in that root
shell, whereas having them run each command with sudo logs every action
they take as root. Or do you have a way of auditing the commands run from
the root shell?


-- 
Neil Bothwick

Press button to test: release to detonate.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Alan McKinnon]

On Monday 01 March 2010 03:47:12 Neil Bothwick wrote:
> On Mon, 1 Mar 2010 01:07:21 +0200, Alan McKinnon wrote:
> > Don't read my post as literally meaning they must type the 7 characters
> > "sudo su". Read it more as "use any feature of sudo you feel like to
> > get a root shell, but you must use sudo. As opposed to using su alone".
> 
> The problem with this in your situation is that you only get a log entry
> when the user switches to root, not for whatever they do in that root
> shell, whereas having them run each command with sudo logs every action
> they take as root. Or do you have a way of auditing the commands run from
> the root shell?


We just log the fact of running sudo. The admins are trusted to not cock 
things up, and if they do, to not try and hide it. The philosophy is simple - 
if we feel we can't trust you, we would not have hired you.

Editing root's history after the fact to hide your tracks is considered a 
heinous crime of unimaginable proportions. Anyone caught doing it is sentenced 
to buy cake for the entire technical team. That's about 100 people. And when I 
saw cake I don't mean a teeny weeny jam tart each, I mean cake - chocolate 
filled croissants, black forest and my personal favourite: 4 inch high carrot 
cake.

People only buy cake once around here :-)

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 853 bytes --]

On Mon, 1 Mar 2010 11:08:22 +0200, Alan McKinnon wrote:

> We just log the fact of running sudo. The admins are trusted to not
> cock things up, and if they do, to not try and hide it. The philosophy
> is simple - if we feel we can't trust you, we would not have hired you.

That is sensible, if not good for your BOFH rating :)

> Editing root's history after the fact to hide your tracks is considered
> a heinous crime of unimaginable proportions. Anyone caught doing it is
> sentenced to buy cake for the entire technical team. That's about 100
> people. And when I saw cake I don't mean a teeny weeny jam tart each, I
> mean cake - chocolate filled croissants, black forest and my personal
> favourite: 4 inch high carrot cake.

I take that back :)


-- 
Neil Bothwick

Forget the Joneses...I can't keep up with The Simpsons.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 1151 bytes --]

On Monday 01 March 2010 10:11:18 Neil Bothwick wrote:
> On Mon, 1 Mar 2010 11:08:22 +0200, Alan McKinnon wrote:
> > We just log the fact of running sudo. The admins are trusted to not
> > cock things up, and if they do, to not try and hide it. The philosophy
> > is simple - if we feel we can't trust you, we would not have hired you.
> 
> That is sensible, if not good for your BOFH rating :)
> 
> > Editing root's history after the fact to hide your tracks is considered
> > a heinous crime of unimaginable proportions. Anyone caught doing it is
> > sentenced to buy cake for the entire technical team. That's about 100
> > people. And when I saw cake I don't mean a teeny weeny jam tart each, I
> > mean cake - chocolate filled croissants, black forest and my personal
> > favourite: 4 inch high carrot cake.
> 
> I take that back :)

Coming back to the OP, on a brand new installation, while on the console and 
logged in as root user, I also see ESC all over the man pages.  I do not have 
this problem on older boxen, nor do I remember noticing it in the past.  What 
is causing it and what is the fix?
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Alan McKinnon]

On Tuesday 02 March 2010 08:33:07 Mick wrote:
> On Monday 01 March 2010 10:11:18 Neil Bothwick wrote:
> > On Mon, 1 Mar 2010 11:08:22 +0200, Alan McKinnon wrote:
> > > We just log the fact of running sudo. The admins are trusted to not
> > > cock things up, and if they do, to not try and hide it. The philosophy
> > > is simple - if we feel we can't trust you, we would not have hired you.
> > 
> > That is sensible, if not good for your BOFH rating :)
> > 
> > > Editing root's history after the fact to hide your tracks is considered
> > > a heinous crime of unimaginable proportions. Anyone caught doing it is
> > > sentenced to buy cake for the entire technical team. That's about 100
> > > people. And when I saw cake I don't mean a teeny weeny jam tart each, I
> > > mean cake - chocolate filled croissants, black forest and my personal
> > > favourite: 4 inch high carrot cake.
> > 
> > I take that back :)
> 
> Coming back to the OP, on a brand new installation, while on the console
> and logged in as root user, I also see ESC all over the man pages.  I do
> not have this problem on older boxen, nor do I remember noticing it in the
> past.  What is causing it and what is the fix?


Compare the environment between root and a non-root user when running a login 
shell.

The answer should be self-evident when you have the correct data in front of 
you to compare



-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo.

[Kostya Sha]

Try `env-update && source /etc/profile`.