I am trying to find the original user who executed a command on my development server.
In my dev server users login using their personal id and sudo to a common id using 'sudo -u commonid -i'. Once logged in as sudo they execute the commands. I am trying to identify the long running jobs on my server. Since all users are logged in as commonid while executing the commands, I am not able to find the actual user and alert them. Kindly share your thoughts.
Please note that I am not a root user and do not have root access
You are stuck not being root. If you were root you could execute a command to find the process tree - probably ptree. This lets you step backwards from a running process through the processes that created it.
Not being root means you cannot do that. I cannot come up with a workaround. The sudo log won't help much, based on your description.
You could just run something quick and dirty as a regular user, here is a starter for 10!
Code:
for i in `who -u | awk '{ print $1 }' | sort -u`; do echo "Processes for ${i}"; ps -u ${i} | sort -n; done
It will obviously get more info than you want, but by adjusting the sort to something like sort -t " " -k 1,1 -k 2,2 you'll have to check the exact syntax using man sort but this should get you going.
FWIW - if some process runs a long-running process, chances are good the code calls setsid() otherwise the user's process would be required to stay there waiting for the process to end, and the person who started the process would have to wait for termination.
setsid() creates a new session, allowing the process to be left running without tying up the process that started it.
This means that ptree is required, or messing with a lot of ps output as mentioned
above. ptree may mean root is required.
On googling, the long running process will have these envrionment variables set:
Code:
SUDO_UID Set to the user ID of the user who invoked sudo
SUDO_USER Set to the login of the user who invoked sudo
So if tell us your OS we can tell you, probably, how to look at the environment variables in the long running process, example for Solaris:
Code:
psargs -e [pid of long running process] | grep SUDO
Identify the long running process and get the start time of that by using "ps"
Get the output of the user logged in by using "last" command and identify the users who all was logged in during that particular time from the login duration
Last edited by rbatte1; 12-21-2017 at 09:39 AM..
Reason: Converted text lists to formatted lists with LIST=1 tags
All team members has sudo access to user "batch55".
Need to track all the commands used by team members after sudo to "batch55".
Using HP-UX and ksh shell in our environment.
How can i acheive this?
Thanks In Advance. (2 Replies)
Hi,
i have requirement to find logged in user based on process id. i have below scenario.
1. all my users will logon to unix box using ssh from windows system.
2. after successful logon they will sudo to common user. ex. sudo -su edadm
lot of users are executing jobs from edadm user and... (2 Replies)
Hi,
on our hp-ux box we have 100s of shell scripts in a bin folder.
Now i have to figure out which scripts are not being used at all.
The timestamp for these are the ones when they were promoted to this 'bin' folder.
Now, how can I find when was the last time each of these scripts were run?
I... (2 Replies)
in our environment role ids are created in unix to which user does su.
say my individual id is drout and a role is devid.
i will login to drout
the su - devid
password : <nothing > password less role id
then i will login to devid.
can i write a function and pass it in a script while i... (4 Replies)
Hi,
I am trying to write a script which would figure out who has run which command and their IP. As i dont have any clue as to which commands would do this job, i request some gurus to help me on this.
Thanks
Vishwas (2 Replies)
Hi all
I want to know the commands executed a by particular user .. for the whole day on my machine.
I have checked out with the commad
$lastcomm <user>
It is throwing an error called: ..
/var/adm/pacct: No such file or directory
Can u help me in this regard..
Thank U
Naree (1 Reply)
Hi all
I want to know the commands executed a by particular user .. for the whole day on my machine.
I have checked out with the commad
$lastcomm <user>
It is throwing an error called: ..
/var/adm/pacct: No such file or directory
Can u help me in this regard..
Thank U... (3 Replies)
Hello Unix Champs,
For keeping audit trail, I want to log the commands entered by the normal users, on their terminal into a text file.
I tried putting a "script -a username.timestamp.txt" in the user profile file, but script command stops execution when user types exit or presses CTRL+D... (3 Replies)
I am executing a find command in my script i.e
find $2 -type f -name '*.gif' -mtime +$1 -exec rm {} \;
how do i check that this command is executed properly.. i would lke t trap the errror and display my error message
kinly help.. this is an urgent issue. (1 Reply)
