Ubuntu – Is it possible to stop .sudo_as_admin_successful being created


Every time I execute a command with sudo, a file called .sudo_as_admin_successful is created in my home directory. As far as I can tell, this exists for the sole purpose of disabling this message that bash prints on startup:

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

It's possible to stop that message by commenting out the relevant section in /etc/bash.bashrc, but sudo still creates an annoying file in my home directory.

This webpage suggests that you can stop the file being created by removing yourself from the admin group, but I'm not in any such group, and admin isn't in /etc/group.

Is there a way to stop this file being created?

I believe this is not a duplicate of this question, as that was asking if it was possible to make the notice printed by bash go away, rather than if it's possible to stop the file being created by sudo.

Best Answer

Based on the following section of the plugins/sudoers/sudoers.c source code file, it doesn't look like it's possible without recompiling sudo, undefining the USE_ADMIN_FLAG pre-processor macro.

Also, note that it's checking for group membership of both admin and sudo. I haven't checked the changelog, but I suspect the latter check was added when sudo became the default group for privileged users - perhaps the filename still refers to admin for compatibility.

1229 #ifdef USE_ADMIN_FLAG
1230 static int
1231 create_admin_success_flag(void)
1232 {
1233     struct stat statbuf;
1234     char flagfile[PATH_MAX];
1235     int len, fd = -1;
1236     debug_decl(create_admin_success_flag, SUDOERS_DEBUG_PLUGIN)
1238     /* Check whether the user is in the admin group. */
1239     if (!user_in_group(sudo_user.pw, "admin") &&
1240         !user_in_group(sudo_user.pw, "sudo"))
1241         debug_return_int(true);
1243     /* Build path to flag file. */
1244     len = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
1245         user_dir);
1246     if (len <= 0 || (size_t)len >= sizeof(flagfile))
1247         debug_return_int(false);
1249     /* Create admin flag file if it doesn't already exist. */
1250     if (set_perms(PERM_USER)) {
1251         if (stat(flagfile, &statbuf) != 0) {
1252             fd = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
1253             if (fd != -1)
1254                 close(fd);
1255         }
1256         if (!restore_perms())
1257             debug_return_int(-1);
1258     }
1259     debug_return_int(fd != -1);
1260 }
1261 #else /* !USE_ADMIN_FLAG */
1262 static int
1263 create_admin_success_flag(void)
1264 {
1265     /* STUB */
1266     return true;
1267 }
1268 #endif /* USE_ADMIN_FLAG */