lphillips
asked on
How to Audit User Commands When sudo su - to Another User
We have a team of people that log in to unix servers as their individual ID, then need to "sudo su - shareduser" to a shared user ID. It is possible that you could have several people logged into the same server at the same time who have switched to the shared user. The question is - is it possible to keep an audit trail of the commands that each individual user runs as the shared ID? If so, can you tell me how this is done? We are using two flavors of UNIX, AIX and RedHat Linux.
Does it have to be "sudo su -"?
Wouldn't it be sufficient running "sudo -u shareduser some_command"?
Of course this will require a bit more effort in setting up the sudoers file, but on the other hand you can have a perfect audit trail this way.
wmp
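To illustrate the audit trail that per-command "sudo -u shareduser" produces, here is an added example (not code from this thread) that parses sudo's syslog lines and groups the commands run as the shared ID by the real user. The log lines, user names, script names and the sudoers rule in the comment are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed sudoers rule (hypothetical group name): any script in the
# directory, with any arguments, may be run as the shared ID:
#   %opsteam ALL=(shareduser) /allmycommands/bin/
# Constructed sample lines in sudo's default syslog format.
SAMPLE_LOG = """\
Mar  3 10:15:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=shareduser ; COMMAND=/allmycommands/bin/deploy.sh --env prod
Mar  3 10:16:40 host1 sudo[2211]:      bob : TTY=pts/1 ; PWD=/tmp ; USER=shareduser ; COMMAND=/allmycommands/bin/rotate.sh -n 5
Mar  3 10:17:05 host1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=shareduser ; COMMAND=/bin/cat /etc/passwd
Mar  3 10:20:11 host1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su - shareduser
"""

LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<who>\S+) : (?P<body>.*)$")
SHELLS = {"su", "sh", "bash", "ksh", "csh", "zsh"}

def parse_line(line):
    """Return one sudo record as a dict, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m or "COMMAND=" not in m["body"]:
        return None
    # COMMAND= is the last field; everything after it is the command line.
    head, command = m["body"].split("COMMAND=", 1)
    fields = [f.strip() for f in head.split(" ; ") if f.strip()]
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    # A field without "=" is a status message such as "command not allowed".
    denied = any("=" not in f for f in fields)
    return {"who": m["who"], "runas": kv.get("USER"),
            "command": command.strip(), "denied": denied}

def audit(log_text, shared="shareduser"):
    """Group commands run as the shared ID by the invoking (real) user."""
    trail = defaultdict(list)   # real user -> commands run as shared ID
    denied, gaps = [], []       # refused attempts; shells that end the trail
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        argv = rec["command"].split()
        prog = argv[0].rsplit("/", 1)[-1]
        if rec["denied"]:
            denied.append((rec["who"], rec["command"]))
        elif prog in SHELLS and (rec["runas"] == shared or shared in argv[1:]):
            # Only the shell start is logged; later commands are invisible.
            gaps.append((rec["who"], rec["command"]))
        elif rec["runas"] == shared:
            trail[rec["who"]].append(rec["command"])
    return dict(trail), denied, gaps
```

On Red Hat these lines normally land in /var/log/secure; on AIX the destination depends on the local syslog configuration.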
ASKER
woolmilkporc - is it possible to set it up so that any command/script in a certain directory can be run? For example, if we had:
/allmycommands/bin/
And there were lots of scripts, AND they need to have arguments passed on the command line, is this doable? How would that look in the sudoers file?
ASKER CERTIFIED SOLUTION
ASKER
Thank you!
script filename
And then you log everything. You should script in a folder where everyone can write. I am not sure if it would persist su but it is worth trying at least.
You will have to type exit twice at the end, once to revert to original account and second to terminate script command.