System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

su without (-) where to check the log?

shardam
Frequent Advisor

su without (-) where to check the log?

Hi Admin,

How can I check the user's history log who su omitted (-)? The history is not able to capture from root and even user's history log.

Appreciate your kind response.
4 REPLIES
Dennis Handly
Acclaimed Contributor

Re: su without (-) where to check the log?

Hmm, I would expect that if you just use "su", your new history will be in the same file as previous, if there was one.
Michael Steele_2
Honored Contributor

Re: su without (-) where to check the log?

Hi

Sounds like your not set up for the basic history file. For either root or user's .profile and for Korn shell, 'export HISTFILE=.sh_history' should exist. To verify from either, 'env | grep -i his'.
Support Fatherhood - Stop Family Law
shardam
Frequent Advisor

Re: su without (-) where to check the log?

Hi Michael,

history file was there in the profile of root and even from the normal account, but wonder if someone just su (w/out -) and knows passwd of root, then we cannot ablel to tract down what r the cmds that user's been executed. We're implementing some security root audit from d company.

Hi Dennis,

Yeah, but I noticed the env is still somehow strange for the given values and parameters that was set there.

Is there any possible way that we can still tract who user accnt who su (w/o -) and able to get the history log of it.
Dennis Handly
Acclaimed Contributor

Re: su without (-) where to check the log?

>Is there any possible way that we can still tract who user account who su (w/o -) and able to get the history log of it.

Not by using the shell history mechanism.
You may want to look into sudo or RBAC.
Some other threads:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=649574
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1357406
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1342438