Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

tracking commands\changes

Status
Not open for further replies.
telemorgan

telemorgan

MIS
Oct 9, 2003
174
US
Hey guys

I am going on vacation next week and another administrator is going to take my place administering our two Solaris servers. I am not very confident in this guys abilities to take control of the system while I am away. I don't want to come back to a pile of headaches.

Is there any way that I could track the commands and\or changes that the administrator will be using while he is logged in for that week?
 
Sort by date Sort by votes
I'd recommend asking the administrator to use sudo instead of logging on as root. The syslog facility will then log the sudo commands and he or she will still be able to do all the duties that are needed.

Couple of gotchas:
-You'll have to make sure that the other admin doesn't use sudo to su to root. This would defeat the purpose of sudo.
-You'll also have to have a "break the glass" policy to allow root login at the console during emergencies.

Using sudo will also encourage the administrator to only use root privledges when it is really necessary.
 
Upvote 0 Downvote
There are only two accounts that we have on our system, root and oracle. He will have access to both while I'm away. The root account is using 'sh' and the oracle is using 'ksh'.
 
Upvote 0 Downvote
Spamly,

Im assumming "sudo" is just a user account that I create and just add to the sysadmin group or something?

Also about the gotcha's,

- I can disable the 'su to root' feature I believe

- The root pw is locked away in a security book, so a "break the glass" policy is already in place if I was not available.

Thanks, any other suggestions out there?

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iowaprogrammer
  • Locked
  • Question
NFS server - after making changes to /etc/default/nfs What is needed t
Replies
0
Views
74
iowaprogrammer
iowaprogrammer
cruel
  • Locked
  • Question
tracking file access/modification
Replies
6
Views
77
elgrandeperro
elgrandeperro
potuvasu
  • Locked
  • Question
commands in .profile are not getting executed.
Replies
4
Views
64
KenCunningham
KenCunningham
ahmedmt1981
  • Locked
  • Question
cluster commands set
Replies
1
Views
110
harris79
harris79
hcclnoodles
  • Locked
  • Question
US timezone changes 2007
Replies
1
Views
55
rafiki47
rafiki47

Part and Inventory Search

Sponsor

Back
Top