30

The first time you try and sudo on a server you get the sudo warning;

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

Does anyone know the file you need to edit to amend this warning?

Community
  • 1
Toby
  • 630
  • 2
  • 7
  • 17

1 Answers1

45

It's compiled-in:

[root@risby]# strings /usr/bin/sudo|grep privacy
    #1) Respect the privacy of others.

Happily, however, my man sudoers admits of the string lecture_file which it says is the

[p]ath to a file containing an alternate sudo lecture that will be used in place of the standard lecture if the named file exists. By default, sudo uses a built-in lecture.

So see if your sudo supports that, and if it does, set it to a particular filename with e.g.

Defaults        lecture_file = /etc/sudoers.lecture

and put your lecture text in that file. You may find this easier to test, as I did, if you also do (using visudo for best practice)

Defaults        lecture = always

which will display the lecture on every invocation of sudo. Otherwise you may run out of accounts which have never sudo'ed while you get this right!

If your sudo is old enough not to support these variables, you will need to recompile from source. That has its own attendant worries, so you will wish to think very hard before doing that purely for cosmetic reasons.

MadHatter
  • 78,442
  • 20
  • 178
  • 229
  • 4
    And if your sudo is old enough to NOT have lecture_file, it's teeming with security vulnerabilities. The feature was added in a 2004 commit. https://www.sudo.ws/repos/sudo/rev/940133231216 – jblaine Jul 07 '17 at 22:21
  • @jblaine back in 2011 when I wrote the answer, RedHat's tendency to backport patches rather than continually update to the latest version meant that might not have been true. By now, I'm fairly sure you're right! – MadHatter Jul 08 '17 at 07:02