Solved

show if someone has used "su"

Posted on 2006-07-03
3
229 Views
Last Modified: 2010-04-20
How can I tell if someone has used the "su" command to become root?  What I want is to see if anyone on the system is the root user, but when I type "w" command, it is not specific.

  1:10pm  up 22 min,  2 users,  load average: 0.44, 0.62, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
someguy   pts/0    adsl-1-2-3- 12:52pm  1:13   0.07s  0.02s  bash
root     pts/1    somehost.com 12:53pm  0.00s  0.19s  0.08s  w

But what if the "someguy" user has used "su" to become root?  It will still say "someguy" and I won't know if they are root or a regular user.   Can anyone show me how to tell if he has used "su" to become root?

Thanks in advance.
0
Comment
Question by:bryanlloydharris
3 Comments
 
LVL 22

Accepted Solution

by:
pjedmond earned 100 total points
ID: 17032825
Not obvious, and I'm sure that there would be a number of ways that you could hide the fact if someone was wanting to be nosey, but there does appear to be a difference before using su:

pje      pts/9    192.168.1.10      7:36pm  2.00s  0.05s  0.05s  -bash

and after using su:

pje      pts/9    192.168.1.10      7:36pm  3.00s  0.17s  0.04s  sshd: pje [priv]

I think that the key is the [priv] at the end of the w command.

(   (()
(`-' _\
 ''  ''
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 17033611
grep su: /var/log/messages
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17034257
Hi, both very good and seem to give me more info than I had before.  Thanks.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question