Identifying non-administrators w/ root privilege/ Multiple root account in use
I need your help with following questions below:
Question 1: Is there a menthod (command) that could be use to displays a list of all users logged in (and/or out) since a file and/or directories was created. My purpose is to identify non-admnistrators who were able to view root own files.
Question 2: What are the security risks associated with using multiple accounts w/ UID of zero?
For example, root (default), rootk and rootc have UID of 0s. However, the shells are different? Is that a security risk. If so, why?