Re: determining when root was logged in
From: Sue Pellerito (Sue.Pellerito_at_JACKINTHEBOX.COM)
Date: 10/25/03
- Previous message: Vipin Khushu: "Re: determining when root was logged in"
- Maybe in reply to: Vipin Khushu: "determining when root was logged in"
- Next in thread: Jerry Gelaude: "Re: determining when root was logged in"
- Reply: Jerry Gelaude: "Re: determining when root was logged in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 24 Oct 2003 15:37:55 -0700 To: aix-l@Princeton.EDU
If a user logged on with their userid and then used a su - to switch to
root, the 'last' command will not show root as logged in.
Vipin Khushu
<vkhushu@GUERNSEY To: aix-l@Princeton.EDU
OP.COM> cc:
Sent by: IBM AIX Subject: Re: determining when root was logged in
Discussion List
<aix-l@Princeton.
EDU>
10/24/2003 12:58
PM
Please respond to
IBM AIX
Discussion List
Thanks Mark / Bill.
However, this gets curiouser and curiouser.
The last root command shows that the last time root logged into the system
was back on sep 09.
However, we are sure that this file was modified yesterday.
Is there a way to determine who modified this file?
Vipin
-----Original Message-----
From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
Sent: Friday, October 24, 2003 1:49 PM
To: aix-l@Princeton.EDU
Subject: Re: determining when root was logged in
last|more
/etc/passwd and /etc/group
--------------------------------------------------------
"If everything is coming your way, then you are in the wrong lane"
Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax
|---------+---------------------------->
| | Vipin Khushu |
| | <vkhushu@GUERNSEY|
| | OP.COM> |
| | Sent by: IBM AIX |
| | Discussion List |
| | <aix-l@Princeton.|
|
| | |
| | |
| | 10/24/2003 12:03 |
| | PM |
| | Please respond to|
| | IBM AIX |
| | Discussion List |
| | |
|---------+---------------------------->
>---------------------------------------------------------------------------
----------------------------------------------------|
|
|
| To: aix-l@Princeton.EDU
|
| cc:
|
| Subject: determining when root was logged in
|
>---------------------------------------------------------------------------
----------------------------------------------------|
I need to pinpoint who was logged in as root yesterday when this file was
modified. So I would like to know what time the person / process got logged
in as root and from what terminal / IP address.
Also does anyone know where the list of users that are set up on the system
are stored?
I need to show the users that are set up as part of the system group.
-rw-rw-rw- 1 root sys 26624 Oct 23 13:46 -dayend.cdx
-rw-rw-rw- 1 root sys 42844 Oct 23 13:46 -dayend.dbf
-rw-rw-rw- 1 root sys 10 Aug 02 10:03 -dayend.key
TIA
Vipin Khushu
- Previous message: Vipin Khushu: "Re: determining when root was logged in"
- Maybe in reply to: Vipin Khushu: "determining when root was logged in"
- Next in thread: Jerry Gelaude: "Re: determining when root was logged in"
- Reply: Jerry Gelaude: "Re: determining when root was logged in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
- Re: System-users and-groups?
... bin shouldn't do so much. ... was root and bin... ... Although
the daemon user/group are ... as that user runs that command. ... (alt.linux) - RE: remote ssh for root
... forced-commands-only option set, you have to have the command option set. ...
execution as root. ... > This message contains confidential information and is
... (SSH) - Re: grub menu oddity
... >>> command (until the manual root command was executed). ...
>>> When I first encountered this behavior, it took several reboots for me to ...
FWIW - a new CMOS battery is only $3-5 at your local Shaque du Radio ... (comp.os.linux.setup) - Re: [PHP] strange errors from command line vs. web
... standard php. ... > can't run the script from the command line even
when I su to root. ... >>> I have some code that makes a connection to
the db. ... (php.general) - Re: SU privileges
... If you know a userid you want to limit the ability to su too (like root),
... Another way would be to set an ACL on the su command. ... If you have received
this electronic transmission in error, please notify the sender immediately by a "reply to sender
only" message and destroy all electronic and hard copies of the communication, including attachments.
... (AIX-L)
