SUMMARY: getting root to always read its .profile

From: Christopher L. Barnard <cbar44_at_tsg.cbot.com>
Date: Thu Aug 08 2002 - 13:35:46 EDT
I asked:

> I have the history for root set up so that there is a separate history
> file for each root session, the name of the person who su-ed to root
> and the current time are in the filename, and the history files are all
> in a separate directory.  It is very nice.  I do it via the root
> /.profile (root's shell is /bin/ksh).
> 
> Occasionally, when someone connects, the root history is just appended
> to /.sh_history ... i.e., the .profile is not read.  I have been trying
> to figure out when and why this happens, but to no avail.  I know that
> it is not when the machine is in single-user mode because I have done
> that and my commands are recorded in the /.history directory as they
> should be.  Can anyone suggest other ways in which the /.profile file
> would not be read by root and so the HISTORY would not be set correctly?
> TIA and I will summarize.

The answer:

A few admins are typing "/bin/su" instead of "/bin/su -".  If you leave
off the -, the destination user environment is not read.

Several people asked me what modifications to my .profile I use
to log root connections.  It is very short, so I will include it here.
In the root .profile, I have the line

ENV=/.kshrc

then the .kshrc file, which is mode 0400 so that a non-root user cannot
see what I am doing, has the three lines

WHOAMI=`who am i | awk '{print $1"."$6}'`
HISTFILE=/.history/history.$$.$WHOAMI
HISTSIZE=1024

the /.history directory, which I set to mode 0700 so that a non-root user
cannot find out what root did, will have files of the form

history.pid-of-the-session.the-person-who-sued.(the-machine-they-came-from)

Thanks to:
  way, way too many people to list.

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard@tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
Received on Thu Aug 8 13:34:04 2002
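
An added example, not part of the original post: a POSIX sh version of the
"who am i" parsing that goes beyond the three .kshrc lines by handling empty
output and by stripping characters that are unsafe in a file name, plus a check
for the default history file that the question says gets written when the
.profile is skipped.  The function names session_tag and fallback_history_used
are hypothetical and the sample line is constructed.

```sh
#!/bin/sh
# Added example; not the poster's code.  Function names are hypothetical.

# Build "user.host" from one line of `who am i` output.
# The line is passed as an argument so the logic can be run on sample input.
session_tag() {
    printf '%s\n' "$1" | awk '
        # Nothing to parse: use a fixed tag so HISTFILE is still unique per PID.
        NF == 0 { print "unknown.notty"; exit }
        {
            user = $1
            host = "local"
            # The origin host, when present, is the last field, in parentheses.
            # Using $NF instead of $6 tolerates different date layouts.
            if ($NF ~ /^\(.*\)$/) host = substr($NF, 2, length($NF) - 2)
            # Keep only characters that are safe inside a file name.
            gsub(/[^A-Za-z0-9_.-]/, "_", user)
            gsub(/[^A-Za-z0-9_.-]/, "_", host)
            print user "." host
        }'
}

# Succeed (and say so) when the default history file is non-empty, i.e. a
# root session wrote its history there instead of under /.history.
# $1 = default history file, /.sh_history in the post.
fallback_history_used() {
    [ -s "$1" ] || return 1
    echo "history found in $1: a root session did not read the profile"
}

# In the ENV file this would be used as:
#   HISTFILE=/.history/history.$$.$(session_tag "$(who am i)")

# Constructed sample line, shaped like the output the post's awk expects.
session_tag 'cbarnard pts/3 Aug  8 13:35 (ws12.example.com)'
```

Running fallback_history_used /.sh_history from cron, after emptying that file
once, flags each session that was started with "su" rather than "su -".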