• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 247
  • Last Modified:

show if someone has used "su"

How can I tell if someone has used the "su" command to become root?  What I want is to see if anyone on the system is the root user, but when I type "w" command, it is not specific.

  1:10pm  up 22 min,  2 users,  load average: 0.44, 0.62, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
someguy   pts/0    adsl-1-2-3- 12:52pm  1:13   0.07s  0.02s  bash
root     pts/1    somehost.com 12:53pm  0.00s  0.19s  0.08s  w

But what if the "someguy" user has used "su" to become root?  It will still say "someguy" and I won't know if they are root or a regular user.   Can anyone show me how to tell if he has used "su" to become root?

Thanks in advance.
0
bryanlloydharris
Asked:
bryanlloydharris
2 Solutions
 
pjedmondCommented:
Not obvious, and I'm sure that there would be a number of ways that you could hide the fact if someone was wanting to be nosey, but there does appear to be a difference before using su:

pje      pts/9    192.168.1.10      7:36pm  2.00s  0.05s  0.05s  -bash

and after using su:

pje      pts/9    192.168.1.10      7:36pm  3.00s  0.17s  0.04s  sshd: pje [priv]

I think that the key is the [priv] at the end of the w command.

(   (()
(`-' _\
 ''  ''
0
 
ahoffmannCommented:
grep su: /var/log/messages
0
 
bryanlloydharrisAuthor Commented:
Hi, both very good and seem to give me more info than I had before.  Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now