On Wed, 20-08-2008 at 02:34 +0100, Sam Kuper wrote:
> 2008/8/20 Gabriel Parrondo <[EMAIL PROTECTED]>
>         Well, it sounds like you [think you] need to give root access
>         for someone
>         to do something, and push it forward by not trusting her.
>
> No, that's not my situation, and doesn't help answer my question, I'm
> afraid.
>
> I'd still be very grateful for suggestions that do address the
> question I asked. If you're wondering what sort of general principles
> might inform your answer, the general principles of user privileges
> are not the ones I'm interested in; the general principle of hooking
> into a command so that when it is run it also triggers another command
> is relevant to my problem. The simple reason I did not ask about this
> general principle in the first place is that there *might* be some
> su-specific way of doing it that isn't generally appropriate for other
> commands. (If so, that's fine, because right now I only really want to
> know how to do it with su.)

Then, I assume, the ability (of the users) to disable the mail
notification is not a problem. You may want to look into some kind of
logwatch. Every time someone uses su, this comes out on
/var/log/auth.log:

Aug 20 22:30:00 localhost su[5120]: + pts/1 gabriel:root

You should configure your logwatch to look for it (shouldn't be hard,
take a look at logwatch and log2mail) and e-mail you. Also, if you like
the hard way, you can write a PAM module.

-- 
Gabriel Parrondo
GNU/Linux User #404138
GnuPG Public Key ID: BED7BF43
JID: [EMAIL PROTECTED]
"The only difference between theory and practice is that, in theory,
there's no difference between theory and practice."
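The log-watching approach suggested in the message above, as an added example that is not part of the original e-mail: it picks su entries out of auth.log lines in the format quoted there and builds one notification message per attempt. The recipient address, the sender name and every sample line except the first are constructed, and it assumes a leading "-" in place of "+" marks a failed su attempt.

```python
import re
from email.message import EmailMessage

# su (shadow-utils) logs "+ tty from:to" on success and "- tty from:to" on failure.
SU_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssu\[(?P<pid>\d+)\]:\s"
    r"(?P<result>[+-])\s(?P<tty>\S+)\s(?P<src>[^:\s]+):(?P<dst>\S+)$"
)

# First line is the one quoted in the e-mail; the rest are constructed samples.
SAMPLE_LOG = [
    "Aug 20 22:30:00 localhost su[5120]: + pts/1 gabriel:root",
    "Aug 20 22:30:00 localhost su[5120]: pam_unix(su:session): "
    "session opened for user root by gabriel(uid=1000)",
    "Aug 20 22:31:12 localhost su[5133]: - pts/2 alice:root",
    "Aug 20 22:32:40 localhost sshd[5150]: Accepted publickey for alice "
    "from 192.0.2.7 port 50514 ssh2",
]

def parse_su_events(lines):
    """Return one dict per su attempt; other auth.log lines are ignored."""
    events = []
    for line in lines:
        m = SU_LINE.match(line.rstrip("\n"))
        if m:
            ev = m.groupdict()
            ev["success"] = ev.pop("result") == "+"
            events.append(ev)
    return events

def build_alert(ev, recipient="admin@example.org"):
    """Build (but do not send) the notification for one su event."""
    outcome = "success" if ev["success"] else "FAILED"
    msg = EmailMessage()
    msg["From"] = f"su-watch@{ev['host']}"   # hypothetical sender name
    msg["To"] = recipient                    # hypothetical recipient
    msg["Subject"] = f"su on {ev['host']}: {ev['src']} -> {ev['dst']} ({outcome})"
    msg.set_content(
        f"{ev['ts']} pid {ev['pid']} tty {ev['tty']}: "
        f"{ev['src']} ran su to {ev['dst']} ({outcome})\n"
    )
    return msg

if __name__ == "__main__":
    for event in parse_su_events(SAMPLE_LOG):
        print(build_alert(event)["Subject"])
```

To deliver a message, pass it to `smtplib.SMTP("localhost").send_message(msg)` on a host with a local mail transfer agent.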