On Sat, Apr 22, 2006 at 06:54:42AM +0530, Opesh Alkara wrote:
> Please excuse my limited knowledge on PAM. I want to have kind of setup
> where all my linux users connect to system using their non-wheel usernames
> and then su to a specific user 'userA'. this specific userA is a user by
> which production application runs on Linux RHEL ES 3.0 and 4.0.
>
> Now that each of the users have logged and su - to userA, I would like to
> know whether commands executed as userA can be logged?
> I know I may sound foolish here, nonetheless I feel PAM with SUDO would have
> got this flexibility.

this is not really a pam thing.

sudo does provide logging, but it only logs the command that is being immediately executed. if you execute, say, /bin/bash, then all that will be logged is that you executed /bin/bash. you will *not* see any logs that indicate what commands were run under bash itself. to get everything, you would need to install a tty sniffer or put logging code in the shell or turn on process accounting or something like that.

i am unclear on whether you are already aware that su and sudo are different things; both can be configured to log some stuff. both can be configured to log session-opened and session-closed. (this is a function of pam.) for logging the commands, though, you would be looking for some kind of application-specific configuration. i suspect that most versions of su would not have such a thing, but sudo definitely does.

--
Ed Schmollinger - schmolli@xxxxxxxxxxxxxx - http://frozencrow.org/
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
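
The limitation described in the reply above (sudo records only the program it launched, so a shell or su session hides everything run inside it) can be checked for in existing logs. The following Python sketch is an added example, not part of the original post: it scans sudo syslog entries and reports those where only a shell or su launch was recorded. The sample log lines, the host name, the user names other than userA, and the `SHELL_LAUNCHERS` list are constructed assumptions.

```python
import os
import re

# sudo's syslog entry: "<user> : TTY=... ; PWD=... ; USER=<runas> ; COMMAND=<cmd>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Assumption: programs treated as "hands the user a shell". Extend per site.
SHELL_LAUNCHERS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "su"}


def parse_sudo_line(line):
    """Return (user, runas, command) for a sudo command entry, else None."""
    m = SUDO_RE.search(line.rstrip("\n"))
    return (m["user"], m["runas"], m["cmd"]) if m else None


def is_opaque(command):
    """True when sudo logged only a shell/su launch, not the work done inside it."""
    argv = command.split()
    if not argv or os.path.basename(argv[0]) not in SHELL_LAUNCHERS:
        return False
    # With -c the command string itself appears in the log entry.
    return "-c" not in argv[1:]


def audit_gaps(lines):
    """List sudo entries after which activity is invisible to sudo's log."""
    gaps = []
    for line in lines:
        entry = parse_sudo_line(line)
        if entry and is_opaque(entry[2]):
            gaps.append(entry)
    return gaps


# Constructed sample log lines (not from the original thread).
SAMPLE_LOG = [
    "Apr 22 07:01:10 prod1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=userA ; COMMAND=/opt/app/bin/restart",
    "Apr 22 07:03:44 prod1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=userA ; COMMAND=/bin/bash",
    "Apr 22 07:05:02 prod1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=userA ; COMMAND=/bin/sh -c /opt/app/bin/rotate-logs",
    "Apr 22 07:06:30 prod1 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/su - userA",
    "Apr 22 07:06:31 prod1 su(pam_unix)[4121]: session opened for user userA by dave(uid=0)",
]

if __name__ == "__main__":
    for user, runas, cmd in audit_gaps(SAMPLE_LOG):
        print(f"{user} -> {runas}: only '{cmd}' was logged")
```

Entries it reports mark the points where another source, such as process accounting or shell-level logging, has to supply the record.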