5

Change sudo defaults only for sudo -i

view full story
linux-howto

http://serverfault.com – At my site the typical sudoers setup has Defaults mail_always globally set so we can keep track of what the users are generally using sudo for (which should be very infrequent) and sort out fixing the permissions for common actions. This is disabled per role account that needs to execute things as root. We've shifted to a policy of discourage direct logins as role accounts for the purposes of auditing and preventing the role users from becoming "party accounts". Thus, we have a lot of logins as a regular user than then immediately invoke sudo -u <role account> -i. I would really like (HowTos)