Why do you have step #2? It seems unnecessary and introduces the problem of making it hard to audit. There is probably a way around it.
|
only su or sudo... note - it is a shared account, the only way to know which user is logging in is from the logs of either su or sudo.
Now after they are logged in, everything is done in common. |
You could just patch sudo itself to log to a file the uid from which it was called. You coud do it in a few lines of code. Even better, make a script called ssudo or something that first logs the uid and then calls the real sudo.
|
All times are GMT -5. The time now is 02:59 AM. |