show if someone has used "su"

Posted on 2006-07-03
Last Modified: 2010-04-20
How can I tell if someone has used the "su" command to become root? What I want is to see if anyone on the system is the root user, but when I type the "w" command, it is not specific.

  1:10pm  up 22 min,  2 users,  load average: 0.44, 0.62, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
someguy   pts/0    adsl-1-2-3- 12:52pm  1:13   0.07s  0.02s  bash
root     pts/1    somehost.com 12:53pm  0.00s  0.19s  0.08s  w

But what if the "someguy" user has used "su" to become root?  It will still say "someguy" and I won't know if they are root or a regular user.   Can anyone show me how to tell if he has used "su" to become root?

Thanks in advance.
Question by:bryanlloydharris

Accepted Solution

by:
pjedmond earned 400 total points
ID: 17032825
Not obvious, and I'm sure that there would be a number of ways that you could hide the fact if someone was wanting to be nosey, but there does appear to be a difference before using su:

pje      pts/9    192.168.1.10      7:36pm  2.00s  0.05s  0.05s  -bash

and after using su:

pje      pts/9    192.168.1.10      7:36pm  3.00s  0.17s  0.04s  sshd: pje [priv]

I think that the key is the [priv] at the end of the w command.

(   (()
(`-' _\
 ''  ''

Assisted Solution

by:ahoffmann
ahoffmann earned 400 total points
ID: 17033611
grep su: /var/log/messages
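
An added example, not part of the original thread: the log search above taken one step further, pairing each su "session opened" line for root with its "session closed" line so that only sessions still open are listed. It assumes Linux-PAM pam_unix session messages with the PID in the `su[PID]:` tag; the sample lines and the function names `sample_log` and `open_root_su` are constructed for illustration.

```sh
#!/bin/sh
# Added example. Lists su sessions to root that were opened but not yet closed.
# Assumption: Linux-PAM pam_unix session messages with the PID in the syslog tag.

# Constructed sample lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Jul  3 12:55:01 host su[4321]: pam_unix(su:session): session opened for user root by someguy(uid=1000)
Jul  3 12:58:40 host su[4400]: pam_unix(su:session): session opened for user root by pje(uid=1001)
Jul  3 13:02:11 host su[4400]: pam_unix(su:session): session closed for user root
Jul  3 13:05:00 host su[4512]: pam_unix(su:session): session opened for user oracle by pje(uid=1001)
Jul  3 13:06:30 host sshd[4600]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

# Reads syslog text on stdin, prints "invoking_user su_pid" per open root session.
open_root_su() {
    awk '
    # Only lines tagged "su[PID]:" are of interest; remember the PID.
    !match($0, / su\[[0-9]+\]:/) { next }
    { pid = substr($0, RSTART + 4, RLENGTH - 6) }

    /session opened for user root[ (]/ {
        who = $0
        sub(/.* by /, "", who)       # keep what follows " by "
        sub(/\(uid=.*/, "", who)     # drop the trailing "(uid=N)"
        if (who == "") who = "unknown"
        open[pid] = who
        next
    }
    # A close with the same PID ends that session.
    /session closed for user root/ { delete open[pid] }

    END { for (p in open) print open[p], p }
    ' | sort
}

sample_log | open_root_su
```

On a live system, feed it the log instead of the sample, for instance `open_root_su < /var/log/messages`; the file that receives these messages differs between distributions.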

Author Comment

by:bryanlloydharris
ID: 17034257
Hi, both very good and seem to give me more info than I had before.  Thanks.