Unix/Linux Go Back    


UNIX for Beginners Questions & Answers If you're not sure where to post a Unix or Linux question, post it here. All unix and Linux beginners welcome in this forum!

Find Original user who executed the command

UNIX for Beginners Questions & Answers


Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 12-17-2017   -   Original Discussion by sam99
sam99's Unix or Linux Image
sam99 sam99 is offline
Registered User
 
Join Date: Aug 2007
Last Activity: 21 March 2018, 7:37 AM EDT
Posts: 45
Thanks: 1
Thanked 0 Times in 0 Posts
Find Original user who executed the command

Hi Team,

Please help me with the below question.

SunOS 5.10
Shell: -bash

I am trying to find the original user who executed a command on my development server.

In my dev server users login using their personal id and sudo to a common id using 'sudo -u commonid -i'. Once logged in as sudo they execute the commands. I am trying to identify the long running jobs on my server. Since all users are logged in as commonid while executing the commands, I am not able to find the actual user and alert them. Kindly share your thoughts.

Please note that I am not a root user and do not have root access

Regards,
Sam

Last edited by sam99; 12-17-2017 at 05:17 AM..
Sponsored Links
    #2  
Old Unix and Linux 12-17-2017   -   Original Discussion by sam99
jim mcnamara's Unix or Linux Image
jim mcnamara jim mcnamara is offline Forum Staff  
...@...
 
Join Date: Feb 2004
Last Activity: 22 April 2018, 10:08 PM EDT
Location: NM
Posts: 11,353
Thanks: 602
Thanked 1,153 Times in 1,062 Posts
You are stuck not being root. If you were root you could execute a command to find the process tree - probably ptree. This lets you step backwards from a running process through the processes that created it.

Not being root means you cannot do that. I cannot come up with a workaround. The sudo log won't help much, based on your description.
Sponsored Links
    #3  
Old Unix and Linux 12-18-2017   -   Original Discussion by sam99
apmcd47's Unix or Linux Image
apmcd47 apmcd47 is offline
Registered User
 
Join Date: Feb 2011
Last Activity: 12 April 2018, 11:24 AM EDT
Posts: 336
Thanks: 16
Thanked 92 Times in 87 Posts
If you can find the tty that the process is running on it might be as easy as running who and see the user account associated with that tty.

Andrew
    #4  
Old Unix and Linux 12-18-2017   -   Original Discussion by sam99
gull04's Unix or Linux Image
gull04 gull04 is offline Forum Advisor  
Registered User
 
Join Date: Dec 2004
Last Activity: 19 April 2018, 3:37 AM EDT
Location: Isle-of-Skye
Posts: 758
Thanks: 19
Thanked 140 Times in 123 Posts
Hi,

You could just run something quick and dirty as a regular user, here is a starter for 10!



Code:
for i in `who -u | awk '{ print $1 }' | sort -u`; do echo "Processes for ${i}"; ps -u ${i} | sort -n; done

It will obviously get more info than you want, but by adjusting the sort to something like sort -t " " -k 1,1 -k 2,2 you'll have to check the exact syntax using man sort but this should get you going.

Gull04
Sponsored Links
    #5  
Old Unix and Linux 12-18-2017   -   Original Discussion by sam99
jim mcnamara's Unix or Linux Image
jim mcnamara jim mcnamara is offline Forum Staff  
...@...
 
Join Date: Feb 2004
Last Activity: 22 April 2018, 10:08 PM EDT
Location: NM
Posts: 11,353
Thanks: 602
Thanked 1,153 Times in 1,062 Posts
FWIW - if some process runs a long-running process, chances are good the code calls setsid() otherwise the user's process would be required to stay there waiting for the process to end, and the person who started the process would have to wait for termination.

setsid() creates a new session, allowing the process to be left running without tying up the process that started it.

This means that ptree is required, or messing with a lot of ps output as mentioned
above. ptree may mean root is required.

On googling, the long running process will have these envrionment variables set:


Code:
SUDO_UID        Set to the user ID of the user who invoked sudo
SUDO_USER       Set to the login of the user who invoked sudo

So if tell us your OS we can tell you, probably, how to look at the environment variables in the long running process, example for Solaris:


Code:
psargs -e [pid of long running process] | grep SUDO

Sponsored Links
    #6  
Old Unix and Linux 12-20-2017   -   Original Discussion by sam99
sam99's Unix or Linux Image
sam99 sam99 is offline
Registered User
 
Join Date: Aug 2007
Last Activity: 21 March 2018, 7:37 AM EDT
Posts: 45
Thanks: 1
Thanked 0 Times in 0 Posts
Hi,

Please find my server details.

uname -a


Code:
SunOS xxx-xxx 5.10 Generic_150400-49 sun4v sparc sun4v
Shell: -bash

It seems the command shared is not working here.


Regards,
Sam

Last edited by rbatte1; 12-21-2017 at 08:38 AM..
Sponsored Links
    #7  
Old Unix and Linux 12-20-2017   -   Original Discussion by sam99
pradeep84in's Unix or Linux Image
pradeep84in pradeep84in is offline
Registered User
 
Join Date: Dec 2012
Last Activity: 14 March 2018, 7:13 AM EDT
Location: Bengaluru / Kolkata, India
Posts: 17
Thanks: 5
Thanked 0 Times in 0 Posts
Hi Sam,

Might be below can help you a bit.
  1. Identify the long running process and get the start time of that by using "ps"
  2. Get the output of the user logged in by using "last" command and identify the users who all was logged in during that particular time from the login duration

Last edited by rbatte1; 12-21-2017 at 08:39 AM.. Reason: Converted text lists to formatted lists with LIST=1 tags
Sponsored Links
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Find logon user based on executed script proc id tmalik79 Shell Programming and Scripting 2 01-21-2014 12:55 PM
How to find the log for executed command in IBM AIX? victory AIX 4 08-10-2012 06:54 AM
Capture the original user dr46014 Shell Programming and Scripting 4 09-13-2011 01:09 AM
Help Required: Command to find IP address and command executed of a user loggedout Security 2 08-06-2008 08:12 PM
how to find the exit status for the last executed command vijay.amirthraj UNIX for Dummies Questions & Answers 1 07-04-2006 10:14 PM



All times are GMT -4. The time now is 01:52 AM.