test

System Administration Guide

How to Monitor Who Is Using the su Command

  1. Become superuser.

  2. Edit the /etc/default/su file.

  3. Uncomment the following line.


    SULOG=/var/adm/sulog

  4. After modifying the /etc/default/su file, use the su command several times and display the /var/adm/sulog file. You should see an entry for each time you used the su command.


    # more /var/adm/sulog
SU 12/20 16:26 + pts/0 nathan-root
SU 12/21 10:59 + pts/0 nathan-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 + pts/0 pmorph-root
SU 01/12 14:57 + pts/0 pmorph-root