Question about login logs using “sudo su - username”?












While doing my Linux training I found this curiosity:

If I do "sudo su - username" and log into that username account, it doesn't count as a login when I do "finger username".

enter image description here

Take this image, where "jonathan" is me (current user) and alumne2 is another account I created to test basic commands on it.

Why doesn't the last login show up (finger alumne2) if from jonathan I "log in" as "sudo su - alumne2"?







linux command learning














edited 6 mins ago









Rui F Ribeiro











asked Nov 30 '18 at 16:06









WhiteGlove








  • Neither sudo nor su are login programs. That's why they don't show up in the "last login" output; you're not logging in as that user; you're assuming that user's identity... a different function, entirely.

    – Stephen Harris
    Nov 30 '18 at 16:09













  • So you access an account but don't log in? Can you explain that to me in a solution? Thanks

    – WhiteGlove
    Nov 30 '18 at 16:10











  • Related: Is there ever a good reason to run sudo su?

    – Kusalananda
    Nov 30 '18 at 16:52






  • Please, don't post images of text.

    – Kusalananda
    Nov 30 '18 at 16:53
























2 Answers
There are multiple ways of gaining access to a user account; for example you may log in on a console, or ssh to a server, or ftp to get files, or have a cron job or...

Not all of these methods are considered "login".

sudo and su are ways of assuming an account identity, but neither of these are considered login methods.

So if you do a finger or last or look at the lastlogin records then you may not see activity under that account being reported there.

You may only see it in things like /var/log/auth.log (exact file name will depend on your OS).

















answered Nov 30 '18 at 16:14









Stephen Harris













  • I tested that and you are right! For a moment I thought I discovered some flaw in security.

    – WhiteGlove
    Dec 1 '18 at 15:55
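
Added example, not part of the original answers: a small Python parser that separates real logins from su/sudo identity switches in an auth.log, the place the answer above says this activity is recorded. The sample lines are constructed on a Debian/Ubuntu-style format, and the PAM service names in the two sets are assumptions to adjust for your system.

```python
import re

# Constructed sample modelled on a Debian/Ubuntu-style auth.log; host, PIDs,
# address and times are made up, and real formats vary by distro and version.
SAMPLE_AUTH_LOG = """\
Nov 30 16:01:02 lab sshd[2201]: Accepted password for jonathan from 192.0.2.10 port 50122 ssh2
Nov 30 16:01:02 lab sshd[2201]: pam_unix(sshd:session): session opened for user jonathan by (uid=0)
Nov 30 16:05:40 lab sudo: jonathan : TTY=pts/0 ; PWD=/home/jonathan ; USER=root ; COMMAND=/bin/su - alumne2
Nov 30 16:05:40 lab sudo: pam_unix(sudo:session): session opened for user root by jonathan(uid=0)
Nov 30 16:05:40 lab su[2290]: pam_unix(su-l:session): session opened for user alumne2 by jonathan(uid=0)
Nov 30 16:09:13 lab su[2290]: pam_unix(su-l:session): session closed for user alumne2
Nov 30 16:09:13 lab sudo: pam_unix(sudo:session): session closed for user root
"""

# PAM service names: assumed stock names, adjust to match your /etc/pam.d.
LOGIN_SERVICES = {"sshd", "login"}                  # real logins
SWITCH_SERVICES = {"su", "su-l", "sudo", "sudo-i"}  # identity changes only

PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<prog>[\w-]+)(?:\[\d+\])?:\s+(?P<msg>.*)$")
OPENED = re.compile(
    r"pam_unix\((?P<svc>[\w-]+):session\): session opened for user "
    r"(?P<target>[\w.-]+)(?:\(uid=\d+\))? by (?P<by>[\w.-]*)\(uid=\d+\)")
SUDO_CMD = re.compile(r"^(?P<by>\S+) : .*\bUSER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")


def parse_auth_log(text):
    """Return (logins, switches, sudo_commands) found in auth.log text."""
    logins, switches, commands = [], [], []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        opened = OPENED.search(m["msg"])
        if opened:
            event = (m["ts"], opened["svc"], opened["by"] or None, opened["target"])
            if opened["svc"] in LOGIN_SERVICES:
                logins.append(event)
            elif opened["svc"] in SWITCH_SERVICES:
                switches.append(event)
            continue
        cmd = SUDO_CMD.match(m["msg"])
        if m["prog"] == "sudo" and cmd:
            commands.append((m["ts"], cmd["by"], cmd["target"], cmd["cmd"]))
    return logins, switches, commands


def used_without_login(text):
    """Accounts entered via su/sudo that have no login session in the log."""
    logins, switches, _ = parse_auth_log(text)
    logged_in = {target for *_, target in logins}
    return sorted({target for *_, target in switches} - logged_in)


if __name__ == "__main__":
    for ts, svc, by, target in parse_auth_log(SAMPLE_AUTH_LOG)[1]:
        print(f"{ts}  {by} -> {target} via {svc}: not a login")
    print("used without login:", used_without_login(SAMPLE_AUTH_LOG))
```

On a real system, pass the contents of /var/log/auth.log (or your OS's equivalent file) to parse_auth_log in place of the sample.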
































As stated by Stephen Harris in the comments, su is not a login command. Rather, you are substituting your shell's current identity with another one.



This is nicely explained in OpenBSD's man page for su.




The su utility allows a user to run a shell with the user and group ID
of another user without having to log out and in as that other user.



By default, the environment is unmodified with the exception of
LOGNAME, HOME, SHELL, and USER. HOME and SHELL are set to the target
login's default values. LOGNAME and USER are set to the target login,
unless the target login has a user ID of 0 and the -l flag was not
specified, in which case it is unmodified. The invoked shell is the
target login's. This is the traditional behavior of su.


















answered Nov 30 '18 at 16:15









Peschke













  • It's an augmentation rather than a substitution, as the original account remains available. jdebp.eu./FGA/dont-abuse-su-for-dropping-privileges.html

    – JdeBP
    Dec 1 '18 at 10:52











  • Thanks a lot for the info, I will take a look!

    – WhiteGlove
    Dec 1 '18 at 15:53


















