Re: `su to root' entry in syslog
Ok, then, have the user change his OWN password and verify that the user was in
fact logged on (and not someone else using his account) when the message was
logged. Is there anyone else that lives with him that might be using his
account?
On 15-Nov-97 Ben Pfaff wrote:
> George Bonser <grep@oriole.sbay.org> writes:
>> Either the program he is running is suid root (look for a file owned by root
>> with the s set in the file permissions when you do an ls -l on the file.) Or
>> you have sudo or some such that is allowing to execute certain programs as
>> root.
>
> Hmmm... But suid programs don't log like that. And /etc/sudoers only
> has entries for blp and root, not eric (the user).
>
>> Still, it would not hurt to change the root password. Someone could have
>> guessed that user's password and might be using the account.
>
> The root password is a string of random characters, and all the
> login's on his account have come from his computer, not from any other
> one.
> --
> Ben Pfaff <pfaffben@pilot.msu.edu> <blp@gnu.org> <pfaffben@debian.org>
>
>
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-user-request@lists.debian.org .
> Trouble? e-mail to templin@bucknell.edu .
>
>
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: