HPE Community
Operating System - HP-UX
1836607 Members
1839 Online
110102 Solutions
New Discussion

general

 
Cathy Arora
Frequent Advisor

‎10-23-2003 02:45 AM

‎10-23-2003 02:45 AM

general

Hi All;
Is there a way to figure out who is logged in as root. maybe workstation name or any other meaningful credentials.

Thanks
raj
0 Kudos
Reply
11 REPLIES 11
Steven E. Protter
Exalted Contributor

‎10-23-2003 02:50 AM

‎10-23-2003 02:50 AM

Re: general

who -u will show you the hostname/ip of who is logged on.

who -f | grep -i root

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Pramod_4
Trusted Contributor

‎10-23-2003 02:50 AM

‎10-23-2003 02:50 AM

Re: general

Who -u | grep root
0 Kudos
Reply
Umapathy S
Honored Contributor

‎10-23-2003 02:54 AM

‎10-23-2003 02:54 AM

Re: general

Cathy,
who -uT will give the details. But if the users are logged in from another hpux box, I feel this wont show the correct results (PCs from which the users login).

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎10-23-2003 03:27 AM

‎10-23-2003 03:27 AM

Re: general

You can also do a 'who -R | grep root' and it will show you the IP Address or hostname that the user is logged in from.
0 Kudos
Reply
Bruno Ganino
Honored Contributor

‎10-23-2003 05:25 AM

‎10-23-2003 05:25 AM

Re: general

who -r
Example of output :
system boot Feb 10 07:10 2 0 S
Torino (Turin) +2H
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎10-23-2003 05:49 AM

‎10-23-2003 05:49 AM

Re: general

Bruno,

If you'll notice in my response, I used the '-R' (upper case R). Try that. Totally different output. It will list the hostanme or IP address of the machine the user is connecting from. Remember that unix is very case-sensitive. ;)

see 'man who' for more information.
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎10-23-2003 06:48 AM

‎10-23-2003 06:48 AM

Re: general

Hi Cathy,

Who -R normally shows the ip address or the fully qualified name of the workstation logged in into the system. I had exceed trace on my windows workstation, through which i can trace any ip address or workstation name, allowing me to know who is connecting to my server and from where.

Hope this helps.

Regds
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎10-23-2003 09:42 AM

‎10-23-2003 09:42 AM

Re: general

How about something like:

for i in `who -u |awk '{print $2}'`
do
ps -ef|grep $i |grep root
done

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Michael Tully
Honored Contributor

‎10-23-2003 10:04 AM

‎10-23-2003 10:04 AM

Re: general

Seems you have enough information on how to find where root is, but have you thought about disabling the root account from anywhere other than the console and installing 'sudo'. It is easily installed and from then you can see who is using 'root'. You can get 'sudo' from here:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/

Generate a file called /etc/securetty and place the word console in it, with file permissions of 400 root:root
Anyone for a Mutiny ?
0 Kudos
Reply
Bruno Ganino
Honored Contributor

‎10-23-2003 07:25 PM

‎10-23-2003 07:25 PM

Re: general

For Cathy: Try w command also;
(display who is on and what they are doing)
Synopsis is :w [ -fhlsuW ] [ user ]

w -l (long output)
w -W (shows a wider field for the program name)

If a user name is included, the output is restricted to that user.

-----------
For Patrick:
In my manual the who command NOT has the option -R.
who [-mu] -s [-bHlprt] [ file ]
who [-mTu] [-abdHlprt] [ file ]
who -qn x [ file ]

Bruno


Torino (Turin) +2H
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎10-23-2003 08:06 PM

‎10-23-2003 08:06 PM

Re: general

Problem with the solutions so far are that you only see where root is coming from when they login as root. If they login (e.g. as themselves) and then do a su they don't show up right in who (which contains the -R option on both hpux 10.20 and 11.00 here).

Another problem is that not all sessions show up in who. And you won't get historical information.

Instead of using who, I would recommend last. It has the same option (-R) to get the ip or name from where the login came (in your case: last -R root

If you are only interested in active sessions, a better way is to look at the proces list for processes running as root and then look for the parent processes until you find the original user. If you want this, I can look further into this to give an example script.
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.