UNIX / Linux: Send E-mail When sudo Runs

I'm not told to use the root user to perform activities that do not require it. I've configured sudo for myself and for other web developers so that they can restart MySQL or Apache web server. How do I send email when sudo is run by one of my users? How do I keep track of user logins done via the sudo command?

sudo greatly enhances the security of the system because you do not have to share the root password with other users and admins. sudo provides simple auditing and tracking features too.

Configure sudo To Send E-mail

Sudo can be configured to send e-mail when the sudo command is used. Open /etc/sudoers file, enter:
# vi /etc/sudoers
Configure the alert email id. Each setting must start with the Defaults keyword, otherwise the file fails with a syntax error:

   Defaults mailto="admin@staff.example.com"
   Defaults mail_always


  • mailto="admin@staff.example.com" : Your email id.
  • mail_always : Send mail to the mailto user every time a user runs sudo. This flag is off by default.

Additional options:

  • mail_badpass : Send mail to the mailto user if the user running sudo does not enter the correct password. This flag is off by default.
  • mail_no_host : If set, mail will be sent to the mailto user if the invoking user exists in the sudoers file, but is not allowed to run commands on the current host. This flag is off by default.
  • mail_no_perms : If set, mail will be sent to the mailto user if the invoking user is allowed to use sudo but the command they are trying is not listed in their sudoers file entry or is explicitly denied. This flag is off by default.
  • mail_no_user : If set, mail will be sent to the mailto user if the invoking user is not in the sudoers file. This flag is on by default.

Sudo Logfile

By default, sudo logs via syslog. You can see the sudo log in /var/log/auth.log (Debian / Ubuntu) or /var/log/secure (Red Hat and friends). However, you can also set the path to a dedicated sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. Type the following command to edit the file:
# sudoedit /etc/sudoers
Set path to log file:

   Defaults        !lecture,tty_tickets,!fqdn,!syslog
   Defaults        logfile=/var/log/sudo.log

Save and close the file. To see logs type:
# tail -f /var/log/sudo.log
# egrep -i 'foo' /var/log/sudo.log
# egrep -i 'user1|user2|cmd2' /var/log/sudo.log

Sample Outputs:

Jul  1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
Jul  1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ;
    COMMAND=sudoedit /etc/sudoers
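
Going beyond grep, the log file format above can be parsed and reviewed automatically. The following is an added example, not part of the original article: the sample entries are constructed, and parse_sudo_log, review and the SHELLS watch list are hypothetical names chosen for illustration. It joins the indented continuation lines that sudo writes for long entries and flags denied attempts, root shells and sudoers edits.

```python
import re

# Constructed sample in the logfile format shown above (third entry is a denial).
SAMPLE_LOG = """\
Jul  1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
Jul  1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ;
    COMMAND=sudoedit /etc/sudoers
Jul  1 12:40:11 : guest1 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest1 ;
    USER=root ; COMMAND=/usr/bin/test -f /tmp/x
"""
ENTRY = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) : (\S+) : (.*?)COMMAND=(.*)$")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh"}  # assumed watch list


def parse_sudo_log(text):
    """Join indented continuation lines, then split each entry into fields."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()   # wrapped part of previous entry
        elif line.strip():
            entries.append(line.rstrip())
    records = []
    for entry in entries:
        m = ENTRY.match(entry)
        if not m:
            continue                            # not a sudo command entry
        when, user, head, command = m.groups()
        rec = {"time": when, "user": user, "command": command.strip(), "reason": None}
        for field in filter(None, (f.strip() for f in head.split(";"))):
            key, eq, value = field.partition("=")
            if eq:      # TTY=, PWD=, USER= (USER is the target account)
                rec["runas" if key == "USER" else key.lower()] = value
            else:       # free text such as "user NOT in sudoers"
                rec["reason"] = field
        records.append(rec)
    return records


def review(records):
    """Return (invoking user, finding) pairs that deserve a closer look."""
    findings = []
    for r in records:
        first_word = (r["command"].split() or [""])[0]
        if r["reason"]:
            findings.append((r["user"], "denied: " + r["reason"]))
        elif first_word in SHELLS:
            findings.append((r["user"], "shell as " + r.get("runas", "?")))
        elif "/etc/sudoers" in r["command"]:
            findings.append((r["user"], "sudoers edit"))
    return findings
```

Root shells are flagged because commands typed inside the shell do not get their own entries in this log. To review a real file, pass its contents to the same functions: review(parse_sudo_log(open("/var/log/sudo.log").read())).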

12 comments
  • Liju Jul 1, 2009 @ 10:43


    Good tips for staging-prod servers.. to catch all the activities….

  • Lava Kafle Jul 1, 2009 @ 11:30

    thanks great tip for us

  • Jennifer DiNardo Jul 1, 2009 @ 11:57

    Thanks! This is one more step in creating a secure server environment and it keeps me from having to check the log files often.

  • Rolf Jul 3, 2009 @ 19:52

    I had to write it like this:
    Defaults mailto="sudoers@domain.com",mail_always

  • 🐧 nixCraft Jul 7, 2009 @ 9:51


    Can you tell us about your sudo version?

    • Babin Lonston May 26, 2014 @ 8:09

      I'm using CentOS version

      [sysadmin@li406-64 ~]$ cat /etc/redhat-release
      CentOS release 6.4 (Final)

      I’m Using Sudo Version

      [sysadmin@backup-srv ~]$ sudo -V
      Sudo version 1.8.6p3
      Sudoers policy plugin version 1.8.6p3
      Sudoers file grammar version 42
      Sudoers I/O plugin version 1.8.6p3

      Tried to set up notification mail for sudo, added this entry at the bottom of the sudo file using the command visudo, but getting a syntax error

      Defaults mailto “babin@xxxxxxxxx.com”
      Defaults mailfrom “root@media.xxxxxxxxxxx.com
      Defaults mail_always on
      Defaults mailsub “*** Command run via sudo on %h ***”
      Defaults mail_badpass on
      Defaults badpass_message “Please Provide Correct Password”
      Defaults !lecture,tty_tickets,!fqdn,!syslog
      Defaults logfile=/var/log/sudo.log

      This is the error I keep getting while saving the sudo file

      121 Defaults mailto “babin@xxxxxxxxx.com”
      122 Defaults mailfrom “root@media.xxxxxxxxxxx.com
      123 Defaults mail_always on
      124 Defaults mailsub “*** Command run via sudo on %h ***”
      125 Defaults mail_badpass on
      126 Defaults badpass_message “Please Provide Correct Password”
      127 Defaults !lecture,tty_tickets,!fqdn,!syslog
      128 Defaults logfile=/var/log/sudo.log


      visudo: >>> /etc/sudoers: syntax error near line 121 <<>> /etc/sudoers: syntax error near line 121 <<<
      What now?

      Please guide me how to setup the mail notification for Sudo version 1.8.6p3

  • M.S. Babaei Aug 1, 2009 @ 3:34

    Great!! Good job!!

  • Gokul Dec 22, 2009 @ 13:08

    I want to configure the SUDO password: when I use the sudo command in a terminal, then it should ask for the password every time.
    When I use PuTTY and a cert key, then it does not ask for the password.

  • ambrozy May 1, 2010 @ 18:41

    Vivek: I have the same problem as Rolf. My sudo version is 1.6.9p17

    And this is what happens:
    I am editing /etc/sudoers with visudo. The result of adding 3 lines which you can find below:

    Defaults env_reset
    mailto “admin@staff.example.com”
    mail_always on

    is that I’m getting error message:

    ambrozy@zeus:~$ sudo visudo
    >>> sudoers file: syntax error, line 8 <<>> sudoers file: syntax error, line 10 <<<

    with "Defaults" at the beginning it's working fine:

    Defaults !lecture,tty_tickets,!fqdn,!syslog
    Defaults logfile=/var/log/sudo.log
    Defaults mailto="noc@wired.pl",mail_always
    Defaults mail_badpass, mailsub="** BAD AUTHENICATION: %U %h **"
    Defaults mail_no_user, mailsub="** USER NOT IN SUDOERS: %U %h **"
    Defaults mail_no_perms, mailsub="** SUDO PERMISSION ABUSE: %U %h **"

  • Sandeep Dec 31, 2010 @ 4:41

    Be careful while editing the sudoers file; you won't be able to get access as root again. In that case, enter single user mode (recovery mode), delete the line we had added in the sudoers file, and reboot… I too got an error while editing the sudoers file.

  • Billy Crook Oct 9, 2011 @ 18:21


    That’s because you’re not supposed to edit /etc/sudoers. You’re a human. That file is not for humans. Do not attempt to edit that file. Instead, run the command visudo.

  • Lingeswaran Aug 19, 2014 @ 17:52

    [root@Local~]# cat /etc/sudoers |grep -i mail
    [root@Local ~]#
    But still getting email when user tries to use sudo command.

    Aug 19 13:44:59 : ysn_srv : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/ysn_srv ; USER=root ; COMMAND=/usr/bin/test -f /smarts/test.info

    How to stop these emails ?

