How to tell if more than one person is sharing a user account
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If you think they are using different machines (and the same person should always be using the same machine) then you could use the "last" command to see what hostname they logged in from.
If you think they are using different machines (and the same person should always be using the same machine) then you could use the "last" command to see what hostname they logged in from.
The bold part is definitely not true!
One can log in from home (being on-call and/or working flexible), from (one of) the office(s) and in some cases when on-the-road.......
And even if the environment is set up to have access from one specific machine, you cannot find out who/what actually gave the login credentials.
There is software that tracks things like keyboard usage to determine if a user is the same as previously. Needs to learn but apparently doesn't take much.
Sites with high security clearance use this sort of thing. Not sure if an open source alternative is available.
I think that was a case of "And IF they should be logging in from the same machine"
??? I don't get what you are trying to tell me.
I'm assuming you are talking about the last sentence (And even if the environment is ....), which seems to be a more specific case of your "And IF they should be logging in from the same machine"...
You will get the number of users logged in to the server from different machine. Person's who are all logged into the server with same name but with different client IP should be considered as shared account.
You can write your own perl/python scripts to parse the output of the finger command.
Best Regards,
Last edited by prodev05; 12-07-2010 at 03:54 AM.
Reason: spelling mistake
I think that was a case of "And IF they should be logging in from the same machine"
Yes it was meant as an IF - I had already used IF at the start of the sentence. Anyway, I'm not getting into a discussion as to the in's and out's of correct grammar.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.