Rootsh instead of sudo su -

[CaptAmerica]

Hey, I'm using RHEL4 and I'm trying to make it so when other engineers type "sudo su -" it does "sudo rootsh" automatically. I know I need to do something in /etc/profiles.d/ but that's about all I could figure out. Anyone know how to do this?

[Albator]

Hi,
I think the following will work for you:
You need to edit the bash profile of the users ~/.bash_profile

Add this to the end:

alias command here= 'what you would like it to do'

then relog, or source .bash_profile to apply changes.

HTH

[atreyu]

Putting the alias in the ~/.bash_profile profiles works just fine.

But you could also make a group (i.e., "engineers") and add all your engineers to it, then put something like this in /etc/profile.d/engineers.sh, which would be read by anyone logging into the system (that uses bash):

Code:

# get GUID of "engineers" group
eng_guid=$(awk -F: '$1 ~ /engineers/{print $3}' /etc/group)

# see if the user running this belongs to the engineers group
id -G|grep -qw $eng_guid
if [ $? -eq 0 ]; then
  alias foo='bar'
fi

O

[CaptAmerica]

Thanks for the responses! I've done "Alias rootsh='su -' " but then it does it's logs as root rather than as the user, I'll try the one by atreyu now and tell you how it works out.

[atreyu]

Make that a lower case "a" in alias...

EDIT: What do you mean by "does it's logs as root"?

[CaptAmerica]

That works, but I'm still getting the issue of it logging as root. When I do "sudo rootsh" it starts the log with the users name and time, and the name of the log contains the user name. When I use an alias though it logs everything as root. The goal is to have the log identified by the user name so I know who's using su -

[atreyu]

Sorry, I'm still confused about logging...what log are you talking about? /var/log/messages? /var/log/secure?

[CaptAmerica]

"Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. It's main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism." - I'd post the link but I haven't reached 15 posts yet...

[atreyu]

ah, an actual program called rootsh - got it. never used it before, so i tried it out. i'm not seeing what you are seeing though (i think).

Here's what I did:

1) added a line for my regular user in /etc/sudoers to be able to run rootsh:

Code:

user ALL=(root) NOPASSWD: /usr/sbin/rootsh

2) added in alias in ~/.bashrc:

Code:

alias rootsh='sudo /usr/bin/rootsh'

3) ran aliased command:

Code:

rootsh

The following log got created:

Code:

/var/log/rootsh/user.20110826101922.021e5.closed

and in it was:

Code:

exit

*** rootsh session ended by user
rootsh session closed for user on /dev/pts/0 at Fri Aug 26 10:19:28 2011

To me, that looks like it has the user information in it. Is that not what you see, or do you mean something else?

[CaptAmerica]

I was using alias rootsh='su -' When I used alias rootsh='sudo /usr/bin/rootsh' It works just fine now. Thank you!