SU to user from NON-root user

Ed Schmollinger schmolli at frozencrow.org
Sun Apr 23 08:49:22 UTC 2006


On Sat, Apr 22, 2006 at 06:54:42AM +0530, Opesh Alkara wrote:
> Please excuse my limited knowledge of PAM. I want to have a kind of setup
> where all my Linux users connect to the system using their non-wheel usernames
> and then su to a specific user 'userA'. This specific userA is the user by
> which the production application runs on Linux RHEL ES 3.0 and 4.0.
> 
> Now that each of the users has logged in and su - to userA, I would like to
> know whether commands executed as userA can be logged?
> I know I may sound foolish here, nonetheless I feel PAM with SUDO would have
> got this flexibility.

this is not really a pam thing.

sudo does provide logging, but it only logs the command that is being
immediately executed.  if you execute, say, /bin/bash, then all that
will be logged is that you executed /bin/bash.  you will *not* see any
logs that indicate what commands were run under bash itself.  to get
everything, you would need to install a tty sniffer or put logging code
in the shell or turn on process accounting or something like that.

i am unclear on whether you are already aware that su and sudo are
different things; both can be configured to log some stuff.  both can be
configured to log session-opened and session-closed.  (this is a
function of pam.)  for logging the commands, though, you would be
looking for some kind of application-specific configuration.  i suspect
that most versions of su would not have such a thing, but sudo
definitely does.

-- 
Ed Schmollinger - schmolli at frozencrow.org - http://frozencrow.org/
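
The logging gap described in the reply above, as an added example that is not part of the original message: a small Python audit that reads sudo's syslog lines and lists the entries where only a shell (or su) was recorded, so the commands run inside that session do not appear in the sudo log. The sample log lines, host name, user names other than userA, and the `SHELL_LIKE` list are constructed assumptions.

```python
import os
import re

# Constructed sample lines in sudo's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Apr 23 08:12:01 prod1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=userA ; COMMAND=/opt/app/bin/restart --graceful
Apr 23 08:15:40 prod1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=userA ; COMMAND=/bin/bash
Apr 23 08:20:03 prod1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=userA ; COMMAND=/usr/bin/env sh -i
Apr 23 08:21:10 prod1 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/su - userA
Apr 23 08:21:55 prod1 sudo:     erin : TTY=pts/4 ; PWD=/home/erin ; USER=userA ; COMMAND=/bin/bash -c /opt/app/bin/rotate-logs
Apr 23 08:22:00 prod1 sshd[991]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<who>\S+) : (?P<fields>.*COMMAND=.*)$")
# Assumed list of programs that hand the user an interactive session.
SHELL_LIKE = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh", "su"}


def parse_sudo_line(line):
    """Return a dict of the sudo log fields, or None for non-sudo lines."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    # COMMAND is the last field and may itself contain " ; ", so split it off first.
    head, _, command = m.group("fields").partition("COMMAND=")
    rec = {"who": m.group("who"), "COMMAND": command}
    for part in head.split(" ; "):
        key, sep, value = part.strip().partition("=")
        if sep:
            rec[key] = value
    return rec


def opens_shell(command):
    """True if the logged command starts an interactive shell (heuristic)."""
    argv = command.split()
    if argv and os.path.basename(argv[0]) == "env":
        argv = [a for a in argv[1:] if "=" not in a]  # drop env and VAR=value
    # With -c the command string is in the log line, so it is still visible.
    return bool(argv) and os.path.basename(argv[0]) in SHELL_LIKE and "-c" not in argv[1:]


def audit_gaps(log_text):
    """List (invoking user, target user, command) where sudo's log goes blind."""
    recs = (parse_sudo_line(line) for line in log_text.splitlines())
    return [(r["who"], r.get("USER", "?"), r["COMMAND"])
            for r in recs if r and opens_shell(r["COMMAND"])]


if __name__ == "__main__":
    for who, target, command in audit_gaps(SAMPLE_LOG):
        print(f"{who} -> {target}: {command} (session contents are not in the sudo log)")
```

Each flagged entry marks a session that needs one of the other mechanisms named in the reply (tty capture, shell-level logging, or process accounting) to reconstruct what was run.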