HPE Community
Operating System - HP-UX
1847730 Members
3267 Online
110265 Solutions
New Discussion

Re: su - root as root???

 
Mike Barron_3
Advisor

‎07-11-2005 06:39 AM

‎07-11-2005 06:39 AM

su - root as root???

Anyone ever see this in the syslog?:

Jul 11 03:03:35 pfuxdbp1 above message repeats 19 times
Jul 11 03:04:07 pfuxdbp1 su: + tty?? root-root
Jul 11 03:23:08 pfuxdbp1 su: + tty?? root-root

This is going on every minute....

0 Kudos
Reply
8 REPLIES 8
Devender Khatana
Honored Contributor

‎07-11-2005 06:44 AM

‎07-11-2005 06:44 AM

Re: su - root as root???

Hi,

Any user when do a "su - root" this message gets logged. The tty reprents the tty session where that was done.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
Rick Garland
Honored Contributor

‎07-11-2005 06:51 AM

‎07-11-2005 06:51 AM

Re: su - root as root???

Seen this many times. We forget we are root when we do the su -

Every minute is something to investigate. Can start by looking at the /var/adm/sulog as well.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎07-11-2005 06:51 AM

‎07-11-2005 06:51 AM

Re: su - root as root???

I would check you root crontab file and look for any job running every minute. If there are any, then check those to see if they are doing an 'su - root'.

They may be doing an su to set some environment variables for a script. Or it could be the syntax 'su - root -c /dir/somescriptname'.

Cron would be my first check.
0 Kudos
Reply
saju_2
Respected Contributor

‎07-11-2005 06:54 AM

‎07-11-2005 06:54 AM

Re: su - root as root???

Hi

This is because su - root is executed. If this is seen in regular intervel then there will be some script in cron which runs in the background doing su - root.

Regrads
CS
0 Kudos
Reply
Mike Barron_3
Advisor

‎07-11-2005 06:58 AM

‎07-11-2005 06:58 AM

Re: su - root as root???

the weird thing is I did check the cron and there are no jobs running every minute.

also its running as root and suing to root..
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎07-11-2005 07:02 AM

‎07-11-2005 07:02 AM

Re: su - root as root???

What about 'at' jobs? What does 'at -l' show?

Do you happen to use a third party scheduler like Autosys, Maestro, IBM Tivoli Workload Scheduler?

What about some other process someone started? Try doing a 'ps -ef |grep sleep' and look for a 'sleep 60' or something similar. Then look at the sleep processes PPID and then look for that process id and see what it is.
0 Kudos
Reply
Devender Khatana
Honored Contributor

‎07-11-2005 07:03 AM

‎07-11-2005 07:03 AM

Re: su - root as root???

Hi,

It could be a script of some non root user which has UID set & doing a su - root.

Su - root from root is usual in scripts.
#ps -ef|grep -i su at regular intervals shall help.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
Animesh Chakraborty
Honored Contributor

‎07-11-2005 01:35 PM

‎07-11-2005 01:35 PM

Re: su - root as root???

+ tty?? means it is running from cron job as no specific terminal is indicated.

Please ckeck your root cronjob again. It will be inside some scripts which are running via cron every 20 minutes.
Did you take a backup?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.