Sorry, I miswrote. The actual issue is not that the user hasn't typed a password right, but that the user is not in the sudoers file and trying to run a sudo command.
Doing that just once is reported with an e-mail to root. (Would you believe it?) People have been complaining about this for years. It's a pretty poor feature.
If the intent is to remind root that some users are missing sudo access who ought ot have sudo access, the phrasing is all wrong: "this incident will be reported" is disciplinary language, like the user has done something wrong.
Likely they are just copying and pasting something from a web search (or got from an AI chat, nowadays).
The entirely separate su program generates no e-mails from people guessing the password wrong. You can grep your auth.log for that, if you care.
I just tried su with one bad password attempt on a Debian box. The program quit immediately and logged this:
Apr 30 2023 15:37:21 localhost su[22401]: FAILED su for root by kaz
Apr 30 2023 15:37:21 localhost su[22401]: - /dev/pts/6 kaz:root
that is the real message to root: the log. Don't bug people with e-mails.
The correct requirement of a failed sudo would be to emit a message conveying this meaning: "Sudo didn't execute your command because your account is not listed in the sudoers file. If you think you should be, contact your administrator." It should not be contacting the administrator for you.
Doing that just once is reported with an e-mail to root. (Would you believe it?) People have been complaining about this for years. It's a pretty poor feature.
If the intent is to remind root that some users are missing sudo access who ought ot have sudo access, the phrasing is all wrong: "this incident will be reported" is disciplinary language, like the user has done something wrong.
Likely they are just copying and pasting something from a web search (or got from an AI chat, nowadays).
The entirely separate su program generates no e-mails from people guessing the password wrong. You can grep your auth.log for that, if you care.
I just tried su with one bad password attempt on a Debian box. The program quit immediately and logged this:
that is the real message to root: the log. Don't bug people with e-mails.The correct requirement of a failed sudo would be to emit a message conveying this meaning: "Sudo didn't execute your command because your account is not listed in the sudoers file. If you think you should be, contact your administrator." It should not be contacting the administrator for you.