Re: SU to user from NON-root user

On Sat, Apr 22, 2006 at 06:54:42AM +0530, Opesh Alkara wrote:
> Please excuse my limited knowledge of PAM. I want to have a kind of setup
> where all my Linux users connect to the system using their non-wheel usernames
> and then su to a specific user 'userA'. This specific userA is a user by
> which the production application runs on Linux RHEL ES 3.0 and 4.0.
> 
> Now that each of the users has logged in and su - to userA, I would like to
> know whether commands executed as userA can be logged?
> I know I may sound foolish here, nonetheless I feel PAM with SUDO would have
> got this flexibility.

this is not really a pam thing.

sudo does provide logging, but it only logs the command that is being
immediately executed.  if you execute, say, /bin/bash, then all that
will be logged is that you executed /bin/bash.  you will *not* see any
logs that indicate what commands were run under bash itself.  to get
everything, you would need to install a tty sniffer or put logging code
in the shell or turn on process accounting or something like that.

i am unclear on whether you are already aware that su and sudo are
different things; both can be configured to log some stuff.  both can be
configured to log session-opened and session-closed.  (this is a
function of pam.)  for logging the commands, though, you would be
looking for some kind of application-specific configuration.  i suspect
that most versions of su would not have such a thing, but sudo
definitely does.

-- 
Ed Schmollinger - schmolli@xxxxxxxxxxxxxx - http://frozencrow.org/
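
The logging gap described in the reply above (sudo records only the command it launches, so an interactive shell hides everything run inside it), as an added example that is not part of the original message: a Python sketch that scans sudo syslog records and flags the sessions whose later commands will not appear in sudo's log. The sample log lines, host name and user names other than userA are constructed, and the `SHELLS` list is an assumption to adapt locally.

```python
import re
from collections import namedtuple

# Assumed list of programs that hand over an interactive session; adapt locally.
SHELLS = {"sh", "bash", "ksh", "csh", "tcsh", "zsh", "su"}

# sudo's syslog record: "<user> : TTY=.. ; PWD=.. ; USER=<runas> ; COMMAND=<cmd>"
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.*)$"
)

Entry = namedtuple("Entry", "user runas tty command opaque")

def parse_line(line):
    """Return an Entry for an accepted sudo command, or None for any other line."""
    m = SUDO_RE.search(line.rstrip("\n"))
    if not m or not m.group("command").split():
        return None  # not a sudo command record (e.g. a denied attempt)
    argv = m.group("command").split()
    prog = argv[0].rsplit("/", 1)[-1]
    # "sh -c <cmd>" still shows <cmd> in the log; a bare shell or su shows nothing more.
    opaque = prog in SHELLS and "-c" not in argv[1:]
    return Entry(m.group("user"), m.group("runas"), m.group("tty"),
                 m.group("command"), opaque)

def opaque_sessions(lines):
    """Entries after which sudo's own log says nothing about what was run."""
    entries = (parse_line(line) for line in lines)
    return [e for e in entries if e is not None and e.opaque]

# Constructed sample log lines (not taken from the original message).
SAMPLE_LOG = """\
Apr 22 07:01:13 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=userA ; COMMAND=/bin/bash
Apr 22 07:03:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=userA ; COMMAND=/usr/bin/tail -n 50 /var/log/app.log
Apr 22 07:05:02 host1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su - userA
Apr 22 07:06:19 host1 sudo:     dave : TTY=pts/3 ; PWD=/tmp ; USER=userA ; COMMAND=/bin/sh -c /opt/app/restart.sh
Apr 22 07:07:00 host1 sudo:      eve : command not allowed ; TTY=pts/4 ; PWD=/home/eve ; USER=userA ; COMMAND=/bin/bash
"""

if __name__ == "__main__":
    for e in opaque_sessions(SAMPLE_LOG.splitlines()):
        print(f"{e.user} -> {e.runas} on {e.tty}: '{e.command}' (no per-command log)")
```

Sessions flagged this way are the ones that need one of the other mechanisms the reply lists (tty capture, shell-level logging or process accounting) to recover what was actually run.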


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
