Elyutah
asked on
RHEL su logging
My system has RHEL 3,4,5. If 2 users su to another account at the same time, how do I log activities of each user after su? Does audit.log log this scenario? This is needed to provide traceability and accountability for the system security.
ASKER
/var/log/secure only logs when the users su to another account, but not commands issued by them after they become another user.
ASKER
The problem with using sudo su is that X11 being disabled. The users need to bring up a GUI to run the system.
GUI control will be based on your desktop. What kind of desktop do you have?
Sudo will still work really good with GUI. You said the users need to execute commands, they don't need to get to the GUI of other users. In their GUI command prompt, they can still issue commands using sudo for some other user. They do not need to login as another user. All the commands will thus be logged. Making sense?
Sudo will still work really good with GUI. You said the users need to execute commands, they don't need to get to the GUI of other users. In their GUI command prompt, they can still issue commands using sudo for some other user. They do not need to login as another user. All the commands will thus be logged. Making sense?
What reason would an Admin need to run commands as another user (presumably not elevated rights)?
Could you provide the scenario you are dealing with?
how is the user who will be running those commands interfaces with the system?
i.e. the user using GUI to login, then opens a terminal/xterm window
runs sudo/su and then would like a graphical command sent back to the desktop?
You could use xhost + or set DISPLAY to redirect the SUDO/SU GUI back to the desktop
export DISPLAY=localhost:0.0
Could you provide the scenario you are dealing with?
how is the user who will be running those commands interfaces with the system?
i.e. the user using GUI to login, then opens a terminal/xterm window
runs sudo/su and then would like a graphical command sent back to the desktop?
You could use xhost + or set DISPLAY to redirect the SUDO/SU GUI back to the desktop
export DISPLAY=localhost:0.0
ASKER
Here is the scenario: the original system used a group account (ga) who a matlab license is granted. We are required to eliminate the ga by implementing individual user accounts. However, the matlab license is not going to be updated until later. In the mean time, the users need to switch to the ga and bring up a console GUI to run tasks required matlab. We are approved to use 'su' but need to provide traceability. Other tasks can be done within the individual user accounts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
/var/log/secure
Users should use sudo to su to other users. Sudo keeps logs for any commands issued. However for RHEL3 sudo is too old and will not log very well.