Re: Seeing who has su-ed

• Previous message: Giuliano Pochini: "RE: Seeing who has su-ed"
• In reply to: Klotz, Brian: "Seeing who has su-ed"
• Next in thread: Andy Walden: "Re: Seeing who has su-ed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 21 Mar 2003 12:49:08 -0800 (PST)
From: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
To: "Klotz, Brian" <Brian_Klotz@heald.edu>

hi ya

On Thu, 20 Mar 2003, Klotz, Brian wrote:

>
> I teach a Linux basics course and each term I have the problem of students
> who do an su to become root, then rather than exiting, they su again to go
> back to their regular account. The trouble is identifying when someone has
> done this (they usually don't remember). The "who" command only shows login
> shells (AFAIK) so it does not reveal when someone has su-ed.
>
> Does anyone know of a way to list all of the users currently logged in,
> including when someone has su-ed to become another user?

root:~# tail -100 /var/log/secure
....
Mar 21 12:45:18 xx su[28280]: Authentication failed for alvin
Mar 21 12:45:18 xx su[28280]: - pts/24 alvin-alvin
Mar 21 12:45:23 xx su[28281]: Authentication failed for alvin
Mar 21 12:45:23 xx su[28281]: - pts/24 alvin-alvin
Mar 21 12:45:26 xx su[28282]: + pts/24 alvin-alvin

works for me... tell me time/date that "alvin" su to become others
and if i su - root ... and i forget the passwd ...

Mar 21 12:46:53 Guru su[28294]: + pts/24 root-alvin
Mar 21 12:47:10 Guru su[28352]: Authentication failed for root
Mar 21 12:47:10 Guru su[28352]: - pts/24 alvin-root

good for slackware-8.1

and history to see what they did...

and run scripts to see all that they typed, even inside vi (?)

c ya
alvin

• Previous message: Giuliano Pochini: "RE: Seeing who has su-ed"
• In reply to: Klotz, Brian: "Seeing who has su-ed"
• Next in thread: Andy Walden: "Re: Seeing who has su-ed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]