SU to user from NON-root user

Opesh Alkara opeshalkara at gmail.com
Sun Apr 23 16:59:12 UTC 2006


Many thanks for the reply on command logging. I understood.

Please can you provide any pointers related to the below-stated PAM
configuration:

"I want to have a kind of setup where all my Linux users connect to the
system using their non-wheel usernames and then su to a specific user
'userA'... without actually knowing the password of UserA... pretty much
in the same way a user in the wheel group can switch to any user."

Thanks in advance for your time and effort on this.


On 4/23/06, Ed Schmollinger <schmolli at frozencrow.org> wrote:
>
> On Sat, Apr 22, 2006 at 06:54:42AM +0530, Opesh Alkara wrote:
> > Please excuse my limited knowledge on PAM. I want to have kind of setup
> > where all my linux users connect to system using their non-wheel usernames
> > and then su to a specific user 'userA'. this specific userA is a user by
> > which production application runs on Linux RHEL ES 3.0 and 4.0.
> >
> > Now that each of the users have logged and su - to userA, I would like to
> > know whether commands executed as userA can be logged?
> > I know I may sound foolish here, nonetheless I feel PAM with SUDO would have
> > got this flexibility.
>
> this is not really a pam thing.
>
> sudo does provide logging, but it only logs the command that is being
> immediately executed.  if you execute, say, /bin/bash, then all that
> will be logged is that you executed /bin/bash.  you will *not* see any
> logs that indicate what commands were run under bash itself.  to get
> everything, you would need to install a tty sniffer or put logging code
> in the shell or turn on process accounting or something like that.
>
> i am unclear on whether you are already aware that su and sudo are
> different things; both can be configured to log some stuff.  both can be
> configured to log session-opened and session-closed.  (this is a
> function of pam.)  for logging the commands, though, you would be
> looking for some kind of application-specific configuration.  i suspect
> that most versions of su would not have such a thing, but sudo
> definitely does.
>
> --
> Ed Schmollinger - schmolli at frozencrow.org - http://frozencrow.org/
>


--
Regards
Opesh Alkara
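
The quoted reply's point that sudo logs only the immediately executed command, as an added example that is not part of the original thread: a Python check over sudo log lines that flags entries where the logged command is an interactive shell or `su`, meaning everything typed afterwards is absent from the sudo log. The log lines are constructed samples in sudo's default syslog format, and the shell list and function names are assumptions.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 23 10:01:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=userA ; COMMAND=/usr/bin/tail -n 50 /var/log/app.log
Apr 23 10:05:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=userA ; COMMAND=/bin/bash
Apr 23 10:09:13 host1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su - userA
Apr 23 10:12:55 host1 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=userA ; COMMAND=/bin/sh -c /opt/app/restart.sh
"""

SUDO_LINE = re.compile(
    r"sudo:\s+(?P<invoker>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<command>.+)$"
)

# Assumed list of shells and of arguments that still yield an interactive shell.
SHELLS = {"sh", "bash", "ksh", "csh", "tcsh", "zsh"}
INTERACTIVE_ARGS = {"-", "-i", "-l", "--login"}


def is_unlogged_session(command):
    """True if the logged command hands the user a shell, so that the
    commands typed inside it never reach the sudo log."""
    argv = command.split()
    prog = argv[0].rsplit("/", 1)[-1]
    args = argv[1:]
    if prog == "su":
        # su without -c/--command starts the target user's login shell.
        return not any(a == "-c" or a.startswith("--command") for a in args)
    if prog in SHELLS:
        # A shell given -c or a script path runs one bounded command.
        return all(a in INTERACTIVE_ARGS for a in args)
    return False


def find_unlogged_sessions(log_text):
    """Return (invoker, target user, command) for each flagged sudo entry."""
    hits = []
    for line in log_text.splitlines():
        m = SUDO_LINE.search(line)
        if m and is_unlogged_session(m.group("command")):
            hits.append((m.group("invoker"), m.group("target"), m.group("command")))
    return hits


if __name__ == "__main__":
    for invoker, target, command in find_unlogged_sessions(SAMPLE_LOG):
        print(f"{invoker} -> {target}: {command} (later commands not in sudo log)")
```

Entries flagged this way mark the sessions for which one of the other mechanisms named in the reply (a tty sniffer, logging code in the shell, or process accounting) would have to supply the command record.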