Shell Programming and Scripting

What are some of the ways to get valid who data?

There's who and w but I have cases where we login as mailadmin or dbadmin and I want to trace those logins back as far as possible. We have mixed access to the env. Some use VPN client, some use ssh to a single host and then login to other internal hosts from there. Does anyone know of a tracewho or something like that?

How are you solving this problem? We could enforce that each user has to login as themselves(less desirable) or we could do other things at login.

We don't use nfs or an auth system, just separate /etc/passwd on each host.

Ideas/thoughts/suggestions?

The wtmpx (utmpx is also the file on some systems) file has login history. You can use last or a custom written c tool to find what you need.

Code:

last -100 joe_user

These files keep data from the last reboot on. Any user who logs in is usually recorded.

man wtmpx
man last
and maybe man utmpx

I think I did a lousy job explaining what I'm after. An example goes a long way I think.

hostz: dbadm is logged in from hosty
hosty: dbadm, mailadm, root, bob, jan, berndt, jose are logged in from various hosts

dbadm on hosty has logged into hostz as dbadm from hosty and is logged into hosty from
hostx

hostx: has dbadm, svnadm, aturing, ehubble, rfeynman

svnadm on hostx is logged into hosty as dbadm then to hostz as dbadm

...and so on and so forth

I want to be able to follow the trail as far as is possible and am wondering if a tool already
exists to do this. Maybe this is the wrong place to post this.

Use 'finger', and then add something to the .profile to log this information into a common history file.
With an ssh connection the $SSH_CONNECTION environment variable shows the connection trail.

Good ole' finger, forgot about that. I will try that. I found in some cases $SSH_CONNECTION was empty. Maybe a csh or solaris issue.