topic Re: Who has su-ed as root? in Operating System - HP-UX

Who has su-ed as root?

mogiro — Tue, 08 Apr 2008 14:43:27 GMT

Hi,
I have a group of users who really needs to be root on machines.
I have created a user id for each user, and disable the root direct login in sshd_config. So what I want is the users log into the system with their owm userid and then su to root. But I want to create a root ssh_history file for each user, I mean, I want a file named something like .ssh_history_userid to be able to know who has issued a command on the system as root.
So my question is, how can I know in the moment of the su to root who has issued the su.
I hope I have been clear on my explanation...
Thanks in advance!!

Re: Who has su-ed as root?

Laurent Menase — Tue, 08 Apr 2008 14:47:31 GMT

echo $LOGNAME

Re: Who has su-ed as root?

Duncan Edmonstone — Tue, 08 Apr 2008 14:50:46 GMT

Try:

who am i

HTH

Duncan

Re: Who has su-ed as root?

MarkSyder — Wed, 09 Apr 2008 08:45:16 GMT

An alternative would be to use sudo. This will give the users access to root commands (advisable to disable su to root) and give you a full record of who has done what.

Mark Syder (like the drink but spelt different)

Re: Who has su-ed as root?

Sajjad Sahir — Wed, 09 Apr 2008 08:48:04 GMT

u can implement sudo

Re: Who has su-ed as root?

Sajjad Sahir — Wed, 09 Apr 2008 08:55:27 GMT

1. set the path variable to run the
vi sudo by using the command
#PATH=$PATH:/usr/local/sbin

#vi sudo
enter the user name to access as a
super user

Re: Who has su-ed as root?

mogiro — Wed, 09 Apr 2008 09:27:31 GMT

Hi all,
I know the sudo option, but I trust in these user's, no problem with them. I just want to know who do what.
The who am i option is the best solution to my question. Thanks to all for your comments.

Re: Who has su-ed as root?

Laurent Menase — Wed, 09 Apr 2008 11:23:29 GMT

su doesn't change LOGNAME env variable
so you can use it.

Re: Who has su-ed as root?

Robin T. Slotten — Wed, 09 Apr 2008 14:44:55 GMT

Try this in /etc/profile
I didn't do a lot of testing, but if I was logged in as myself, this detected the shell owner and worked. If you su to root after you have su'd to root, it can be defeated.

It is also defeated if you su (without the dash)

It will give you a start anyway.

############# snip

MYUSER=$(who -u |grep $PPID |awk '{ print $1 }')
if [ -n "$MYUSER" ];then
MYUSER=_$MYUSER
fi

HISTFILE=$HOME/.sh_history$MYUSER
############ snip done

Rob...

Re: Who has su-ed as root?

mogiro — Wed, 09 Apr 2008 14:52:13 GMT

Hi,
I did something similar to keep the IP and the user in the .profile of the root user:

USER=`who am i|awk '{print $1}'`
REG=`who am i|awk '{print $2}'`;VAR=`who -R | grep $REG | awk '{print $6}'| cut -d "(" -f 2 | cut -d ")" -f 1`
HISTFILE=${HOME}/.sh_history/.sh_history_$VAR"_"$USER

Re: Who has su-ed as root?

mogiro — Wed, 09 Apr 2008 14:52:35 GMT

USER=`who am i|awk '{print $1}'`
REG=`who am i|awk '{print $2}'`;VAR=`who -R | grep $REG | awk '{print $6}'| cut -d "(" -f 2 | cut -d ")" -f 1`
HISTFILE=${HOME}/.sh_history/.sh_history_$VAR"_"$USER