Re: SU to user from NON-root user

Many thanks for the reply on command logging. I understood.
 
Please can you provide any pointers related to the below-stated PAM configuration:
 
"I want to have a kind of setup where all my Linux users connect to the system using their non-wheel usernames and then su to a specific user 'userA'... without actually knowing the password of UserA... pretty much in the same way a user in the wheel group can switch to any user."
 
Thanks in advance for your time and effort on this.
 
 
On 4/23/06, Ed Schmollinger <schmolli@xxxxxxxxxxxxxx> wrote:
On Sat, Apr 22, 2006 at 06:54:42AM +0530, Opesh Alkara wrote:
> Please excuse my limited knowledge on PAM. I want to have kind of setup
> where all my linux users connect to system using their non-wheel usernames
> and then su to a specific user 'userA'. this specific userA is a user by
> which production application runs on Linux RHEL ES 3.0 and 4.0.
>
> Now that each of the users have logged and su - to userA, I would like to
> know whether commands executed as userA can be logged?
> I know I may sound foolish here, nonetheless I feel PAM with SUDO would have
> got this flexibility.

this is not really a pam thing.

sudo does provide logging, but it only logs the command that is being
immediately executed.  if you execute, say, /bin/bash, then all that
will be logged is that you executed /bin/bash.  you will *not* see any
logs that indicate what commands were run under bash itself.  to get
everything, you would need to install a tty sniffer or put logging code
in the shell or turn on process accounting or something like that.

i am unclear on whether you are already aware that su and sudo are
different things; both can be configured to log some stuff.  both can be
configured to log session-opened and session-closed.  (this is a
function of pam.)  for logging the commands, though, you would be
looking for some kind of application-specific configuration.  i suspect
that most versions of su would not have such a thing, but sudo
definitely does.

--
Ed Schmollinger - schmolli@xxxxxxxxxxxxxx - http://frozencrow.org/


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list





--
Regards
Opesh Alkara
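
Added example, not part of the thread and not code from sudo or PAM: Ed's point that sudo records only the command it launches directly can be turned into a log review check. The Python below parses sudo's syslog entries and flags those that start a shell or su for userA, after which the sudo log shows nothing further; the sample lines, host name, application paths and user names other than userA are constructed.

```python
import os
import re

# Constructed sample lines in sudo's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Apr 23 10:15:01 prod1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=userA ; COMMAND=/opt/app/bin/restart.sh
Apr 23 10:17:42 prod1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=userA ; COMMAND=/bin/bash
Apr 23 10:20:09 prod1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=userA ; COMMAND=/usr/bin/vim /opt/app/etc/app.conf
Apr 23 10:21:30 prod1 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/su - userA
Apr 23 10:22:00 prod1 su(pam_unix)[4121]: session opened for user userA by dave(uid=0)
"""

# sudo entry: "<invoking user> : TTY=.. ; PWD=.. ; USER=<run-as> ; COMMAND=<argv>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?\bUSER=(?P<runas>\S+)"
    r" ; COMMAND=(?P<cmd>\S.*)$"
)
SHELLS = {"sh", "bash", "ksh", "csh", "tcsh", "zsh", "dash"}

def parse_sudo_line(line):
    """Return the fields of one sudo command entry, or None for other lines."""
    m = SUDO_RE.search(line)
    if m is None:
        return None  # e.g. PAM session-opened/closed lines carry no command
    program = os.path.basename(m.group("cmd").split()[0])
    return {"user": m.group("user"), "runas": m.group("runas"),
            "command": m.group("cmd"), "program": program}

def blind_spots(log_text, target="userA"):
    """List entries where sudo handed out a shell (or su) for `target`."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_sudo_line(line)
        if entry is None:
            continue
        argv = entry["command"].split()
        if entry["program"] in SHELLS and entry["runas"] == target:
            entry["reason"] = "interactive shell as " + target
        elif entry["program"] == "su" and target in argv[1:]:
            entry["reason"] = "su to " + target
        else:
            continue
        hits.append(entry)
    return hits

if __name__ == "__main__":
    for h in blind_spots(SAMPLE_LOG):
        print(h["user"], "->", h["command"], "(", h["reason"], ")")
```

Entries it reports mark the point where review has to move to another source, such as process accounting or shell-level logging, as the reply above says.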