Keven Ring said: > *IF* one performs an "su -" from the prompt, there is a log of who > logged in as root [will be one of john, bill, or sam]. *IF* one > remotely logs in as root, then where they came from is logged [and by > looking at who was logged on, could inform you which of john, bill, or > same performed the dirty work]. Doesn't help if multiple users are logged and have ran "su -". You only get a log saying that they have ran su, not what commands they have executed as root. > OTOH, if rm -rf / is executed, as root, this will wipe the hard drive, > including logs..... That's why syslogd has a network logging function. > [Note, I have performed this on a running system *on purpose* [it was > going to be re-imaged anyway]]. > > Note, also, that NFS mounts and such often require root password > priviledges. So, if john, bill, and sam all know root password, then > you are setting yourself up for some bad situations. Which is why automounting is usually set up. -- William Hooper
