Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!romp!auschs!awdprime!levell.austin.ibm.com!julie
From: julie@levell.austin.ibm.com (Julie A. Levell)
Newsgroups: comp.unix.aix
Subject: Re: root restrictions
Message-ID: <8540@awdprime.UUCP>
Date: 17 Jun 91 20:04:58 GMT
References: <8439@awdprime.UUCP> <1991Jun14.045407.23003@kithrup.COM> <19387@rpp386.cactus.org>
Sender: news@awdprime.UUCP
Organization: IBM AWD, Austin
Lines: 22

>>In article <8439@awdprime.UUCP> shaggy@kleikamp.austin.ibm.com (David J. Kleikamp) writes:
>
>As I recall (and I can ask Tom when I see him tomorrow), "su" does not
>support the /usr/adm/sulog like other "su"'s do.  It performs auditing,
>which is implmented in such a way that it can be made untamperable.
>
Well, thanks to apar ix16167, su will now report to syslog.  Just add

auth.debug      /tmp/yourfile /* OR /dev/console, or whatever */

to /etc/syslog.conf file, and wa-la su's will be recorded.

The fix should be in 2007, otherwise you can request it from defect
support.

>John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh

-- 
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Julie A. Levell  IBM  Austin, Texas      Internet: julie@aixwiz.austin.ibm.com
IBMNET: JULIEL at AUSVMQ 4C-29/994       SpeakNet:  823-5178 (Tie 793-5178)
"Let's use the ODM Interface"  Commander William Riker  STTNG  "The Nth Degree"