[sudo-users] SUDO_USER - Identifying the account used to log into a server

DARREN MILLIN d.millin at btinternet.com
Wed Feb 8 08:42:13 EST 2006


Hi,

I am running sudo 1.6.8p9 on a Solaris 8 server. I
have a number of users, whose profiles immediately run
a "sudo su - helpdesk", from their .profile, to gain
access to a Solaris Role called helpdesk. Once the
users enter the role, they are presented with a menu.
The reason for this is to prevent users from logging
into a generic account. In short, this provides us
with an audit trail of who's accessing the role.

I have been asked to implement a script to log the
user onto a database. However, the logon script needs
to the original user account. From reading the man
page, I noticed that the SUDO_USER environmental
variable should fit the bill.

When I try to log on as the user, the environment is
set to:

**********OPERATOR*********
PATH=/usr/bin
TERM=vt100
HOME=/export/home/helpdesk/hdb
SHELL=/bin/ksh
LOGNAME=root
USER=root
SUDO_COMMAND=/usr/bin/env
SUDO_USER=hdb
SUDO_UID=1111
SUDO_GID=2360
*******************************

After the sudo su - helpdesk is executed, the
environment is set to:


**********HELDESK ROLE*********
PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
TERM=vt100
HOME=/darren/helpdesk
SHELL=/bin/pfksh
LOGNAME=helpdesk
USER=helpdesk
SUDO_COMMAND=/usr/bin/env
SUDO_USER=helpdesk
SUDO_UID=9000
SUDO_GID=2630
*******************************

Is there any way to preserve the original SUDO_USER? I
could always use the output of `who am i`, but I would
like to see if there was some way to get this
information via sudo.

Regards,

Darren
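
An added example, not part of the original post or of sudo itself: POSIX sh helpers a logon script could use to take the original login name from the first field of a `who am i` line, falling back to SUDO_USER only when it names a personal account. The function names, the shared-account list and the sample `who` line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helpers for a logon script that runs inside the shared role.
# Shared accounts must never be recorded as the person who logged in.
SHARED_ACCOUNTS="root helpdesk"

# Succeeds only for a well-formed name that is not a shared account.
is_personal() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    for acct in $SHARED_ACCOUNTS; do
        if [ "$1" = "$acct" ]; then return 1; fi
    done
    return 0
}

# The first field of a `who am i` line is the login name tied to the terminal.
login_from_who() {
    printf '%s\n' "$1" | awk 'NF { print $1; exit }'
}

# resolve_login_user WHO_LINE SUDO_USER_VALUE
# Prefer the terminal's login name; use SUDO_USER only as a fallback, because
# each nested sudo overwrites it with the account that invoked that sudo.
resolve_login_user() {
    for cand in "$(login_from_who "$1")" "$2"; do
        if is_personal "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    echo "cannot determine original login user" >&2
    return 1
}

# Constructed sample: terminal owned by hdb, SUDO_USER already overwritten.
SAMPLE_WHO='hdb        pts/3        Feb  8 08:30    (192.0.2.10)'
resolve_login_user "$SAMPLE_WHO" "helpdesk"
# In the real script: resolve_login_user "$(who am i)" "${SUDO_USER:-}"
```

Failing closed when both sources name a shared account keeps "helpdesk" or "root" from being written to the database as if it were a person.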
