1834329 Members
2506 Online
110066 Solutions
New Discussion

general

 
Cathy Arora
Frequent Advisor

general

Hi All;
Is there a way to figure out who is logged in as root. maybe workstation name or any other meaningful credentials.

Thanks
raj
11 REPLIES 11
Steven E. Protter
Exalted Contributor

Re: general

who -u will show you the hostname/ip of who is logged on.

who -f | grep -i root

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Pramod_4
Trusted Contributor

Re: general

Who -u | grep root
Umapathy S
Honored Contributor

Re: general

Cathy,
who -uT will give the details. But if the users are logged in from another hpux box, I feel this wont show the correct results (PCs from which the users login).

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Patrick Wallek
Honored Contributor

Re: general

You can also do a 'who -R | grep root' and it will show you the IP Address or hostname that the user is logged in from.
Bruno Ganino
Honored Contributor

Re: general

who -r
Example of output :
system boot Feb 10 07:10 2 0 S
Torino (Turin) +2H
Patrick Wallek
Honored Contributor

Re: general

Bruno,

If you'll notice in my response, I used the '-R' (upper case R). Try that. Totally different output. It will list the hostanme or IP address of the machine the user is connecting from. Remember that unix is very case-sensitive. ;)

see 'man who' for more information.
Sanjay_6
Honored Contributor

Re: general

Hi Cathy,

Who -R normally shows the ip address or the fully qualified name of the workstation logged in into the system. I had exceed trace on my windows workstation, through which i can trace any ip address or workstation name, allowing me to know who is connecting to my server and from where.

Hope this helps.

Regds
Geoff Wild
Honored Contributor

Re: general

How about something like:

for i in `who -u |awk '{print $2}'`
do
ps -ef|grep $i |grep root
done

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Michael Tully
Honored Contributor

Re: general

Seems you have enough information on how to find where root is, but have you thought about disabling the root account from anywhere other than the console and installing 'sudo'. It is easily installed and from then you can see who is using 'root'. You can get 'sudo' from here:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/

Generate a file called /etc/securetty and place the word console in it, with file permissions of 400 root:root
Anyone for a Mutiny ?
Bruno Ganino
Honored Contributor

Re: general

For Cathy: Try w command also;
(display who is on and what they are doing)
Synopsis is :w [ -fhlsuW ] [ user ]

w -l (long output)
w -W (shows a wider field for the program name)

If a user name is included, the output is restricted to that user.

-----------
For Patrick:
In my manual the who command NOT has the option -R.
who [-mu] -s [-bHlprt] [ file ]
who [-mTu] [-abdHlprt] [ file ]
who -qn x [ file ]

Bruno


Torino (Turin) +2H
Elmar P. Kolkman
Honored Contributor

Re: general

Problem with the solutions so far are that you only see where root is coming from when they login as root. If they login (e.g. as themselves) and then do a su they don't show up right in who (which contains the -R option on both hpux 10.20 and 11.00 here).

Another problem is that not all sessions show up in who. And you won't get historical information.

Instead of using who, I would recommend last. It has the same option (-R) to get the ip or name from where the login came (in your case: last -R root

If you are only interested in active sessions, a better way is to look at the proces list for processes running as root and then look for the parent processes until you find the original user. If you want this, I can look further into this to give an example script.
Every problem has at least one solution. Only some solutions are harder to find.