On Sat, 19 Feb 2022 19:09:15 +0100 "d...@d404.nl" <d...@d404.nl> wrote: > > Probably not helpful too but does auth.log show something from the > use of exec=ยจ/bin/su" ?
Yes, as my standard user is not a "sudoer", I use to get a root shell by 'su'ing into the admin account and then 'sudo su -' from there, so I have numerous sets like the following in the auth.log: # cat /var/log/auth.log | grep -B2 -A5 '/bin/su' Feb 19 20:15:24 nulldevice su: (to administrator) florian on pts/1 Feb 19 20:15:24 nulldevice su: pam_unix(su:session): session opened for user administrator(uid=1000) by (uid=1001) Feb 19 20:15:30 nulldevice sudo: administrator : TTY=pts/1 ; PWD=/home/florian ; USER=root ; COMMAND=/bin/su - Feb 19 20:15:30 nulldevice sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) Feb 19 20:15:30 nulldevice su: (to root) florian on pts/1 Feb 19 20:15:30 nulldevice su: pam_unix(su-l:session): session opened for user root(uid=0) by (uid=0) Feb 19 20:17:01 nulldevice CRON[4512]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0) Feb 19 20:17:01 nulldevice CRON[4512]: pam_unix(cron:session): session closed for user root _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
