Solved

show if someone has used "su"

Posted on 2006-07-03
3
226 Views
Last Modified: 2010-04-20
How can I tell if someone has used the "su" command to become root?  What I want is to see if anyone on the system is the root user, but when I type "w" command, it is not specific.

  1:10pm  up 22 min,  2 users,  load average: 0.44, 0.62, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
someguy   pts/0    adsl-1-2-3- 12:52pm  1:13   0.07s  0.02s  bash
root     pts/1    somehost.com 12:53pm  0.00s  0.19s  0.08s  w

But what if the "someguy" user has used "su" to become root?  It will still say "someguy" and I won't know if they are root or a regular user.   Can anyone show me how to tell if he has used "su" to become root?

Thanks in advance.
0
Comment
Question by:bryanlloydharris
3 Comments
 
LVL 22

Accepted Solution

by:
pjedmond earned 100 total points
ID: 17032825
Not obvious, and I'm sure that there would be a number of ways that you could hide the fact if someone was wanting to be nosey, but there does appear to be a difference before using su:

pje      pts/9    192.168.1.10      7:36pm  2.00s  0.05s  0.05s  -bash

and after using su:

pje      pts/9    192.168.1.10      7:36pm  3.00s  0.17s  0.04s  sshd: pje [priv]

I think that the key is the [priv] at the end of the w command.

(   (()
(`-' _\
 ''  ''
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 17033611
grep su: /var/log/messages
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17034257
Hi, both very good and seem to give me more info than I had before.  Thanks.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now