sulog(4) [opensolaris man page]
sulog(4) File Formats sulog(4) NAME
sulog - su command log file SYNOPSIS
/var/adm/sulog DESCRIPTION
The sulog file is a record of all attempts by users on the system to execute the su(1M) command. Each time su(1M) is executed, an entry is added to the sulog file. Each entry in the sulog file is a single line of the form: SU date time result port user-newuser where date The month and date su(1M) was executed. date is displayed in the form mm/dd where mm is the month number and dd is the day number in the month. time The time su(1M) was executed. time is displayed in the form HH/MM where HH is the hour number (24 hour system) and MM is the minute number. result The result of the su(1M) command. A ` + ' sign is displayed in this field if the su attempt was successful; otherwise a ` - ' sign is displayed. port The name of the terminal device from which su(1M) was executed. user The user id of the user executing the su(1M) command. newuser The user id being switched to with su(1M). EXAMPLES
Example 1 A sample sulog file. Here is a sample sulog file: SU 02/25 09:29 + console root-sys SU 02/25 09:32 + pts/3 user1-root SU 03/02 08:03 + pts/5 user1-root SU 03/03 08:19 + pts/5 user1-root SU 03/09 14:24 - pts/5 guest3-root SU 03/09 14:24 - pts/5 guest3-root SU 03/14 08:31 + pts/4 user1-root FILES
/var/adm/sulog su log file /etc/default/su contains the default location of sulog SEE ALSO
su(1M) SunOS 5.11 6 Jun 1994 sulog(4)
Check Out this Related Man Page
su(1M) System Administration Commands su(1M) NAME
su - become superuser or another user SYNOPSIS
su [-] [ username [ arg...]] DESCRIPTION
The su command allows one to become another user without logging off or to assume a role. The default user name is root (superuser). To use su, the appropriate password must be supplied (unless the invoker is already root). If the password is correct, su creates a new shell process that has the real and effective user ID, group IDs, and supplementary group list set to those of the specified username. Additionally, the new shell's project ID is set to the default project ID of the specified user. See getdefaultproj(3PROJECT), setpro- ject(3PROJECT). The new shell will be the shell specified in the shell field of username's password file entry (see passwd(4)). If no shell is specified, /usr/bin/sh is used (see sh(1)). If superuser privilege is requested and the shell for the superuser cannot be invoked using exec(2), /sbin/sh is used as a fallback. To return to normal user ID privileges, type an EOF character (<CTRL-D>) to exit the new shell. Any additional arguments given on the command line are passed to the new shell. When using programs such as sh, an arg of the form -c string executes string using the shell and an arg of -r gives the user a restricted shell. To create a login environment, the command "su -" does the following: o In addition to what is already propagated, the LC* and LANG environment variables from the specified user's environment are also prop- agated. o Propagate TZ from the user's environment. If TZ is not found in the user's environment, su uses the TZ value from the TIMEZONE parame- ter found in /etc/default/login. o Set MAIL to /var/mail/new_user. If the first argument to su is a dash (-), the environment will be changed to what would be expected if the user actually logged in as the specified user. Otherwise, the environment is passed along, with the exception of $PATH, which is controlled by PATH and SUPATH in /etc/default/su. All attempts to become another user using su are logged in the log file /var/adm/sulog (see sulog(4)). SECURITY
su uses pam(3PAM) with the service name su for authentication, account management, and credential establishment. EXAMPLES
Example 1: Becoming User bin While Retaining Your Previously Exported Environment To become user bin while retaining your previously exported environment, execute: example% su bin Example 2: Becoming User bin and Changing to bin's Login Environment To become user bin but change the environment to what would be expected if bin had originally logged in, execute: example% su - bin Example 3: Executing command with user bin's Environment and Permissions To execute command with the temporary environment and permissions of user bin, type: example% su - bin -c "command args" ENVIRONMENT VARIABLES
Variables with LD_ prefix are removed for security reasons. Thus, su bin will not retain previously exported variables with LD_ prefix while becoming user bin. If any of the LC_* variables ( LC_CTYPE, LC_MESSAGES, LC_TIME, LC_COLLATE, LC_NUMERIC, and LC_MONETARY) (see environ(5)) are not set in the environment, the operational behavior of su for each corresponding locale category is determined by the value of the LANG environment vari- able. If LC_ALL is set, its contents are used to override both the LANG and the other LC_* variables. If none of the above variables are set in the environment, the "C" (U.S. style) locale determines how su behaves. LC_CTYPE Determines how su handles characters. When LC_CTYPE is set to a valid value, su can display and handle text and filenames containing valid characters for that locale. su can display and handle Extended Unix Code (EUC) characters where any indi- vidual character can be 1, 2, or 3 bytes wide. su can also handle EUC characters of 1, 2, or more column widths. In the "C" locale, only characters from ISO 8859-1 are valid. LC_MESSAGES Determines how diagnostic and informative messages are presented. This includes the language and style of the messages, and the correct form of affirmative and negative responses. In the "C" locale, the messages are presented in the default form found in the program itself (in most cases, U.S. English). FILES
$HOME/.profile user's login commands for sh and ksh /etc/passwd system's password file /etc/profile system-wide sh and ksh login commands /var/adm/sulog log file /etc/default/su the default parameters in this file are: SULOG If defined, all attempts to su to another user are logged in the indicated file. CONSOLE If defined, all attempts to su to root are logged on the console. PATH Default path. (/usr/bin:) SUPATH Default path for a user invoking su to root. (/usr/sbin:/usr/bin) SYSLOG Determines whether the syslog(3C) LOG_AUTH facility should be used to log all su attempts. LOG_NOTICE messages are generated for su's to root, LOG_INFO messages are generated for su's to other users, and LOG_CRIT messages are generated for failed su attempts. /etc/default/login the default parameters in this file are: TIMEZONE Sets the TZ environment variable of the shell. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO
csh(1), env(1), ksh(1), login(1), roles(1), sh(1), syslogd(1M), exec(2), getdefaultproj(3PROJECT), setproject(3PROJECT), pam(3PAM), pam_authenticate(3PAM), pam_acct_mgmt(3PAM), pam_setcred(3PAM), pam.conf(4), passwd(4), profile(4), sulog(4), syslog(3C), attributes(5), environ(5) SunOS 5.10 26 Feb 2004 su(1M)