Information Technology Reference
In-Depth Information
SU 07/22 08:21 + pts/5 ambro-guest
SU 07/25 06:40 + pts/5 ambro-root
SU 07/25 19:53 - pts/5 ambro-root
SU 07/25 19:53 + pts/5 ambro-root
The “
+
” and “
-
” following the date and time indicate success or failure,
respectively. The next field indicates where the command was entered, and
the next field lists the from (who executed the
su
command) and to (who the
user became as a result of the
su
command) user accounts.
The use of the
su
command can also be logged using the syslog facility. This
is enabled by enabling (removing the
#
from) the following entry to the
/etc/default/su
file:
#SYSLOG=YES
However, the syslog facility must be properly configured to capture and log
these messages. The syslog facility is covered in Chapter 13.
By default, the use of the
su
command is logged to the syslog facility. To dis-
able this feature, edit the
/etc/default/su
file and add the shell comment
character (
#
) to the beginning of the
SYSLOG
entry.
The sysadmin Group
User accounts that are a member of the
sysadmin
group (numerical group
14) can perform some selected system administration activities using
admintool(1M)
without being granted full superuser privileges. This allows
basic system administration (adding and deleting users, printers, software,
and so on) to be performed by more than one person without compromising
system security. This is accomplished by configuring the
setuid
to root per-
mission for
admintool
and requiring membership in the
sysadmin
group in
order to use
admintool
. Additional information about groups and the
setuid
permission is provided later in this chapter.
Login and Logout Procedures
There are several commands used to log in to and out of a system. These
logins/logouts and attempts to login are recorded to maintain a usage history.
Logging into a Solaris 9 System
The
login(1)
command is used to log
in
(or
into
or
on to
) a system. When a
connection is made to a system via the network or tty device, typically the
login
command is used to interact with the user to prompt for and obtain a