On a server, based on OpenSUSE 13.2, I would like to keep informed about root activity by sending me a message at session opening with su. So basically, I have just a sendmail command to put somewhere.
On a previous setup based on OpenSUSE 12.3, putting this line on the root’s .profile file was sufficient, but with 13.2, this doesn’t work anymore.
I have read that a non-login shell (as I do with su) shouldn’t read the .profile file, so I’m quite puzzled, since it actually used to work. A workaround would be to put this line in root’s .bashrc file, but for instance if I su to my root account, open tmux and split it in two, I will receive 3 notifications in total, and that’s not convenient.
On Sat, 31 Jan 2015 23:06:02 +0000, Neraste wrote:
> Hi there
>
> On a server, based on OpenSUSE 13.2, I would like to keep informed about
> root activity by sending me a message at session opening with su. So
> basically, I have just a sendmail command to put somewhere.
>
> On a previous setup based on OpenSUSE 12.3, putting this line on the
> root’s .profile file was sufficient, but with 13.2, this doesn’t work
> anymore.
>
> I have ‘read’ (http://tinyurl.com/maaflog) that a non login shell (as I
> do with su) shouldn’t read the .profile file, so I’m quite puzzled,
> since it actually used to work. A workaround would be to put this line
> in root’s .bashrc file, but for instance if I su to my root account, open
> tmux and split it in two, I will receive 3 notifications in total, and
> that’s not convenient.
>
> So what should I do? Thanks for your answers.
…bash_login still runs, IIRC, so that should work.
If not working as expected, it would probably be useful to post in detail exactly what you are doing.
So, for instance I’m going to hazard a guess that you made your original changes directly to a file that was replaced during upgrade.
This is why for instance the comments in /etc/profile explicitly say you should not edit that file directly but should instead create a new file “/etc/profile.local” that would survive an upgrade.
An alternate way to make profile changes that are survivable is to create a file with your alterations in the folder /etc/profile/
When an interactive shell that is not a login shell is started, bash reads and executes commands from /etc/bash.bashrc then ~/.bashrc when those files exist and are readable. This may be inhibited by using the --norc option. The --rcfile file option will force bash to read and execute commands from file instead of ~/.bashrc.
So using .bashrc might help.
But again, for security reasons, you should try to learn the habit of using a login shell.
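One way to get a single notification per su session from an rc file, instead of one per tmux pane, as an added example that is not code from any poster in this thread. The names ROOT_SESSION_NOTIFIED, ADMIN_ADDR and the three functions are hypothetical; the syntax is POSIX so the same lines can be sourced from root's .bashrc or .zshrc.

```shell
# Added example: guard for root's ~/.bashrc or ~/.zshrc (POSIX-compatible syntax).
# ROOT_SESSION_NOTIFIED and ADMIN_ADDR are hypothetical names chosen for this sketch.

ADMIN_ADDR="admin@example.org"   # constructed placeholder address

# Return 0 only for the first interactive shell of a root session.
# Arguments are passed explicitly so the decision can be tested:
#   $1 = shell option flags ($-), $2 = value of $TMUX, $3 = marker value
should_notify() {
    case "$1" in
        *i*) ;;            # interactive shell: keep checking
        *)   return 1 ;;   # scripts, su -c, scp: stay silent
    esac
    [ -z "$2" ] || return 1    # inside a tmux pane: the parent shell already reported
    [ -z "$3" ] || return 1    # marker inherited from an earlier shell of this session
    return 0
}

# Build the mail as text; sendmail -t takes the recipient from the headers.
build_notice() {
    printf 'To: %s\nSubject: root shell opened on %s\n\n' "$1" "$2"
    printf 'Invoking user: %s\nTerminal: %s\nTime: %s\n' "$3" "$4" "$5"
}

notify_root_session() {
    should_notify "$-" "${TMUX:-}" "${ROOT_SESSION_NOTIFIED:-}" || return 0
    # Export the marker first so child shells (tmux panes, subshells) inherit it.
    ROOT_SESSION_NOTIFIED=1
    export ROOT_SESSION_NOTIFIED
    build_notice "$ADMIN_ADDR" "$(hostname)" "$(logname 2>/dev/null || echo unknown)" \
        "$(tty 2>/dev/null || echo none)" "$(date)" | /usr/sbin/sendmail -t
}

# In the rc file, call it only for root:
#   [ "$(id -u)" -eq 0 ] && notify_root_session
```

Because the hook lives in an rc file, a shell started with --norc skips it, and with a bare su the marker variable can already be present in the inherited environment. Treat it as a convenience notice rather than an audit control.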
Thank you guys for your answers. Arf, stupid I am! My root shell isn’t Bash, but Zsh. So when I said to modify .bashrc, I meant to modify .zshrc. Sorry for that m(_ _)m .
I’m doing the following: I connect to my server by SSH with a user account (root login by SSH is disabled for security reasons) and then switch to root session with:
user@server $ su
Welcome
root@server #
I have just found Zsh doesn’t source .profile file but .zprofile instead, only if you use su - .
I didn’t know using bare su was a bad practice, so I’m considering changing my habit. But how can I force the user account to use su - instead of su (without using alias)?
I assume that only very few users (maybe only one, but that depends on how big your “company” is) know the root password. I also assume that they are very responsible and disciplined people. As I said, it is a habit. You and those few (if they exist) have to start getting that habit from now on.
I am sorry when this looks a bit like my hobby horse (I recommend this secure behaviour in more threads), but I was amazed to find out that this “best practise” of Unix (and thus Linux) System Managers/Administrators is observed so sloppily by the openSUSE admins (which most of us here are, if we like it or not :)).
It’s ok hcvv! This is a good practice I didn’t know, even though I realize now you can find advice for that everywhere. So, thank you for pointing this out. It’s just that when I have been told about Linux admin, people didn’t tell me this fact (note I’m not a professional admin sys, just an enthusiast who runs his own server, with security concerns).
My initial aim is to add a last security layer to root account by telling me each login (I agree, if someone cracks my root password and enters in my system, sending a mail won’t help and there are plenty of true security measures to take before, in the first place). But well, I can’t let this be broken by entering a bare su on command line.
What is strange is that with OpenSUSE 12.3 (it’s a previous configuration, I have reinstalled the system since then), Zsh was sourcing .profile (which is unusual) when logging in with a bare su (which is also unusual). So I thought it was a common way, but apparently not. Since I have backed up /etc files, I’ll check if there is an explanation of this behavior.
For extra information, here is a recap of the files sourced by Bash and Zsh. I should perform some tests.
It is in their man pages. I know they are long and contain a lot of sometimes cryptic information, but that is where it should be (and is, at least for bash, but why not for zsh?).
BTW. An easy way to read (and very important: search through) man pages is using Konqueror. Use the URL
man:/bash
or even shorter
#bash
and you will be presented with a nicely formatted man page, where you can use the text search function of Konqueror.