I asked: > I have the history for root set up so that there is a separate history > file for each root session, the name of the person who su-ed to root > and the current time are in the filename, and the history files are all > in a separate directory. It is very nice. I do it via the root > /.profile (root's shell is /bin/ksh). > > Occasionally, when someone connects, the root history is just appended > to /.sh_history ... i.e., the .profile is not read. I have been trying > to figure out when and why this happens, but to no avail. I know that > it is not when the machine is in single-user mode because I have done > that and my commands are recorded in the /.history directory as they > should be. Can anyone suggest other ways in which the /.profile file > would not be read by root and so the HISTORY would not be set correctly? > TIA and I will summarize. The answer: A few admins are typing "/bin/su" instead of "/bin/su -". If you leave off the -, the destination user environment is not read. Several people asked me what the modifications to my .profile I use to log root connections. It is very short, so I will include it here. In the root .profile, I have the line ENV=/.kshrc then the .kshrc file, which is mode 0400 so that a non-root user cannot see what I am doing, has the three lines WHOAMI=`who am i | awk '{print $1"."$6}'` HISTFILE=/.history/history.$$.$WHOAMI HISTSIZE=1024 the /.history directory, which I set to mode 0700 so that a non-root user cannot find out what root did, will have files of the form history.pid-of-the-session.the-person-who-sued.(the-machine-they-came-from) Thanks to: way, way to many people to list. +-----------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@tsg.cbot.com / \ anybody could become president. | | (312) 347-4901 O---O Now I'm beginning to believe it. | | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow | +----------PGP public key available via finger or PGP keyserver---------+ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Aug 8 13:34:04 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:51 EST