HPE Community
Operating System - HP-UX
1753783 Members
6835 Online
108799 Solutions
New Discussion юеВ

Who has su-ed as root?

 
SOLVED
Go to solution
mogiro
Regular Advisor

тАО04-08-2008 07:43 AM

тАО04-08-2008 07:43 AM

Who has su-ed as root?

Hi,
I have a group of users who really needs to be root on machines.
I have created a user id for each user, and disable the root direct login in sshd_config. So what I want is the users log into the system with their owm userid and then su to root. But I want to create a root ssh_history file for each user, I mean, I want a file named something like .ssh_history_userid to be able to know who has issued a command on the system as root.
So my question is, how can I know in the moment of the su to root who has issued the su.
I hope I have been clear on my explanation...
Thanks in advance!!
0 Kudos
10 REPLIES 10
Laurent Menase
Honored Contributor

тАО04-08-2008 07:47 AM

тАО04-08-2008 07:47 AM

Re: Who has su-ed as root?

echo $LOGNAME
0 Kudos
Duncan Edmonstone
HPE Pro

тАО04-08-2008 07:50 AM

тАО04-08-2008 07:50 AM

Solution

Re: Who has su-ed as root?

Try:

who am i

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
MarkSyder
Honored Contributor

тАО04-09-2008 01:45 AM

тАО04-09-2008 01:45 AM

Re: Who has su-ed as root?

An alternative would be to use sudo. This will give the users access to root commands (advisable to disable su to root) and give you a full record of who has done what.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
0 Kudos
Sajjad Sahir
Honored Contributor

тАО04-09-2008 01:48 AM

тАО04-09-2008 01:48 AM

Re: Who has su-ed as root?

u can implement sudo
0 Kudos
Sajjad Sahir
Honored Contributor

тАО04-09-2008 01:55 AM

тАО04-09-2008 01:55 AM

Re: Who has su-ed as root?


1. set the path variable to run the
vi sudo by using the command
#PATH=$PATH:/usr/local/sbin

#vi sudo
enter the user name to access as a
super user
0 Kudos
mogiro
Regular Advisor

тАО04-09-2008 02:27 AM

тАО04-09-2008 02:27 AM

Re: Who has su-ed as root?

Hi all,
I know the sudo option, but I trust in these user's, no problem with them. I just want to know who do what.
The who am i option is the best solution to my question. Thanks to all for your comments.
0 Kudos
Laurent Menase
Honored Contributor

тАО04-09-2008 04:23 AM

тАО04-09-2008 04:23 AM

Re: Who has su-ed as root?

su doesn't change LOGNAME env variable
so you can use it.
0 Kudos
Robin T. Slotten
Trusted Contributor

тАО04-09-2008 07:44 AM

тАО04-09-2008 07:44 AM

Re: Who has su-ed as root?

Try this in /etc/profile
I didn't do a lot of testing, but if I was logged in as myself, this detected the shell owner and worked. If you su to root after you have su'd to root, it can be defeated.

It is also defeated if you su (without the dash)

It will give you a start anyway.

############# snip

MYUSER=$(who -u |grep $PPID |awk '{ print $1 }')
if [ -n "$MYUSER" ];then
MYUSER=_$MYUSER
fi

HISTFILE=$HOME/.sh_history$MYUSER
############ snip done

Rob...
IF you do it more than twice, write a script.
0 Kudos
mogiro
Regular Advisor

тАО04-09-2008 07:52 AM

тАО04-09-2008 07:52 AM

Re: Who has su-ed as root?

Hi,
I did something similar to keep the IP and the user in the .profile of the root user:

USER=`who am i|awk '{print $1}'`
REG=`who am i|awk '{print $2}'`;VAR=`who -R | grep $REG | awk '{print $6}'| cut -d "(" -f 2 | cut -d ")" -f 1`
HISTFILE=${HOME}/.sh_history/.sh_history_$VAR"_"$USER

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.