Solved

show if someone has used "su"

Posted on 2006-07-03
3
228 Views
Last Modified: 2010-04-20
How can I tell if someone has used the "su" command to become root?  What I want is to see if anyone on the system is the root user, but when I type "w" command, it is not specific.

  1:10pm  up 22 min,  2 users,  load average: 0.44, 0.62, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
someguy   pts/0    adsl-1-2-3- 12:52pm  1:13   0.07s  0.02s  bash
root     pts/1    somehost.com 12:53pm  0.00s  0.19s  0.08s  w

But what if the "someguy" user has used "su" to become root?  It will still say "someguy" and I won't know if they are root or a regular user.   Can anyone show me how to tell if he has used "su" to become root?

Thanks in advance.
0
Comment
Question by:bryanlloydharris
3 Comments
 
LVL 22

Accepted Solution

by:
pjedmond earned 100 total points
ID: 17032825
Not obvious, and I'm sure that there would be a number of ways that you could hide the fact if someone was wanting to be nosey, but there does appear to be a difference before using su:

pje      pts/9    192.168.1.10      7:36pm  2.00s  0.05s  0.05s  -bash

and after using su:

pje      pts/9    192.168.1.10      7:36pm  3.00s  0.17s  0.04s  sshd: pje [priv]

I think that the key is the [priv] at the end of the w command.

(   (()
(`-' _\
 ''  ''
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 17033611
grep su: /var/log/messages
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17034257
Hi, both very good and seem to give me more info than I had before.  Thanks.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

805 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question