02-28-2006
If both are logged in as root, you could possibly tell from the output of the who command - just associate the terminal connection with the userid (found with ps -ef|grep root). Then, with the who command, look for that terminal to see where they are coming from - you would then have to look on that server to try to find who was logging in as root (if this is what they are doing).
If a person logs in as root on console, then you don't have a way of doing this (unless there are console logs which may or may not have information on the person).
If you are in charge of this server, you should consider setting up the root account so it can only be accessed from console - so anyone signing in cannot log in as root (and this will make it easier to find who is using it via the su logs).
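Added example, not part of the original post: the correlation described above, joining root-owned processes from ps -ef to the terminal and origin host reported by who. The sample who and ps output is constructed, and the script assumes the ps -ef column layout shown in the sample (STIME as a single field, TTY in column 6).

```shell
#!/bin/sh
# Constructed sample of `who` output: user, tty, login time, (origin host).
WHO_SAMPLE='root     pts/0        Feb 28 09:14 (10.1.2.15)
alice    pts/1        Feb 28 09:20 (10.1.2.40)
root     pts/2        Feb 28 09:31 (10.1.2.77)
root     console      Feb 28 08:02'

# Constructed sample of `ps -ef` output: UID PID PPID C STIME TTY TIME CMD.
PS_SAMPLE='UID   PID  PPID C STIME TTY   TIME     CMD
root  4101 4090 0 09:14 pts/0 00:00:00 -ksh
root  4188 4101 0 09:40 pts/0 00:00:03 vi /etc/passwd
alice 4210 4200 0 09:20 pts/1 00:00:00 -ksh
root  4302 4290 0 09:31 pts/2 00:00:00 -ksh
root  4350 4302 0 09:45 pts/2 00:00:01 tail -f /var/log/messages
root  900  1    0 08:00 ?     00:00:02 /usr/sbin/cron'

# root_sessions WHO_TEXT PS_TEXT
# Prints "tty origin pid command" for every root process that is attached
# to a terminal on which root is logged in according to who.
root_sessions() {
    { printf '%s\n' "$1"; echo '--ps--'; printf '%s\n' "$2"; } | awk '
        $0 == "--ps--" { in_ps = 1; next }
        !in_ps && $1 == "root" {
            # Remote logins end with "(host)"; a console login has no host.
            origin = "local"
            if ($NF ~ /^\(.*\)$/) origin = substr($NF, 2, length($NF) - 2)
            from[$2] = origin
            next
        }
        in_ps && $1 == "root" && ($6 in from) {
            # Rebuild the command from field 8 onward (it may contain spaces).
            cmd = $8
            for (i = 9; i <= NF; i++) cmd = cmd " " $i
            print $6, from[$6], $2, cmd
        }'
}

# Run against the constructed samples; on a live system use:
#   root_sessions "$(who)" "$(ps -ef)"
root_sessions "$WHO_SAMPLE" "$PS_SAMPLE"
```

Daemons with no controlling terminal (TTY shown as ?) are skipped, and a root login on console is reported with origin "local", which matches the post's point that a console login cannot be traced to a remote host.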
pivot_root
PIVOT_ROOT(8) Maintenance Commands PIVOT_ROOT(8)
NAME
pivot_root - change the root file system
SYNOPSIS
pivot_root new_root put_old
DESCRIPTION
pivot_root moves the root file system of the current process to the directory put_old and makes new_root the new root file system. Since
pivot_root(8) simply calls pivot_root(2), we refer to the man page of the latter for further details.
Note that, depending on the implementation of pivot_root, root and cwd of the caller may or may not change. The following is a sequence for
invoking pivot_root that works in either case, assuming that pivot_root and chroot are in the current PATH:
    cd new_root
    pivot_root . put_old
    exec chroot . command
Note that chroot must be available under the old root and under the new root, because pivot_root may or may not have implicitly changed the
root directory of the shell.
Note that exec chroot changes the running executable, which is necessary if the old root directory should be unmounted afterwards. Also
note that standard input, output, and error may still point to a device on the old root file system, keeping it busy. They can easily be
changed when invoking chroot (see below; note the absence of leading slashes to make it work whether pivot_root has changed the shell's
root or not).
EXAMPLES
Change the root file system to /dev/hda1 from an interactive shell:
    mount /dev/hda1 /new-root
    cd /new-root
    pivot_root . old-root
    exec chroot . sh <dev/console >dev/console 2>&1
    umount /old-root
Mount the new root file system over NFS from 10.0.0.1:/my_root and run init:
    ifconfig lo 127.0.0.1 up   # for portmap
    # configure Ethernet or such
    portmap   # for lockd (implicitly started by mount)
    mount -o ro 10.0.0.1:/my_root /mnt
    killall portmap   # portmap keeps old root busy
    cd /mnt
    pivot_root . old_root
    exec chroot . sh -c 'umount /old_root; exec /sbin/init' \
      <dev/console >dev/console 2>&1
SEE ALSO
chroot(1), mount(8), pivot_root(2), umount(8)
Linux Feb 23, 2000 PIVOT_ROOT(8)