On a server, based on OpenSUSE 13.2, I would like to keep informed about root activity by sending myself a message when a session is opened with su. So basically, I just have a sendmail command to put somewhere.
On a previous setup based on OpenSUSE 12.3, putting this line in root’s .profile file was sufficient, but with 13.2, this doesn’t work anymore.
I have read that a non login shell (as I do with su) shouldn’t read the .profile file, so I’m quite puzzled, since it actually used to work. A turnaround would be to put this line in root’s .bashrc file, but for instance if I su to my root account, open tmux and split it in two, I will receive 3 notifications in total, and that’s not convenient.
On Sat, 31 Jan 2015 23:06:02 +0000, Neraste wrote:
> Hi there
> On a server, based on OpenSUSE 13.2, I would like to keep informed about
> root activity by sending me a message at session opening with su. So
> basically, I have just a sendmail command to put somewhere.
> On a previous setup based on OpenSUSE 12.3, putting this line on the
> root’s .profile file was sufficient, but with 13.2, this doesn’t work
> I have ‘read’ (http://tinyurl.com/maaflog) that a non login shell (as I
> do with su) shouldn’t read the .profile file, so I’m quite puzzled,
> since it actually used to work. A turnaround would be to put this line
> in root’s .bashrc file, but for instance if I su to my root account, open
> tmux and split it in two, I will receive 3 notifications in total, and
> that’s not convenient.
> So what should I do? Thanks for your answers.
…bash_login still runs, IIRC, so that should work.
If not working as expected, it would probably be useful to post in detail exactly what you are doing.
So, for instance I’m going to hazard a guess that you made your original changes directly to a file that was replaced during upgrade.
This is why for instance the comments in /etc/profile explicitly say you should not edit that file directly but should instead create a new file “/etc/profile.local” that would survive an upgrade.
An alternate way to make profile changes that are survivable is to create a file with your alterations in the folder /etc/profile/
When an interactive shell that is not a login shell is started, bash reads and executes commands from /etc/bash.bashrc then ~/.bashrc when those files exist and are readable. This may be inhibited by using the --norc option. The --rcfile file option will force bash to read and execute commands from file instead of ~/.bashrc.
So using .bashrc might help.
But again, for security reasons, you should try to learn the habit of using a login shell.
I assume that only very few users (maybe only one, but that depends on how big your “company” is) know the root password. I also assume that they are very responsible and disciplined people. As I said, it is a habit. You and those few (if they exist) have to start getting that habit from now on.
I am sorry when this looks a bit like my hobby horse (I recommend this secure behaviour in more threads), but I was amazed to find out that this “best practice” of Unix (and thus Linux) System Managers/Administrators is observed so sloppily by the openSUSE admins (which most of us here are, if we like it or not :)).
It’s ok hcvv! This is a good practice I didn’t know, even though I realize now you can find advice for that everywhere. So, thank you for pointing this out. It’s just that when I have been told about Linux admin, people didn’t tell me this fact (note I’m not a professional sysadmin, just an enthusiast who runs his own server, with security concerns).
My initial aim is to add a last security layer to root account by telling me each login (I agree, if someone cracks my root password and enters in my system, sending a mail won’t help and there are plenty of true security measures to take before, in the first place). But well, I can’t let this be broken by entering a bare su on command line.
What is strange is that with OpenSUSE 12.3 (it’s a previous configuration, I have reinstalled the system since then), Zsh was sourcing .profile (which is unusual) when logging in with a bare su (which is also unusual). So I thought it was a common way, but apparently not. Since I have backed up the /etc files, I’ll check if there is an explanation of this behavior.
For extra information, here is a recap of the files sourced by Bash and Zsh. I should perform some tests.
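One way to get a single mail per root session from root's .bashrc, the file the posts above settle on for a bare su, shown as an added example that is not part of any post in this thread: an exported marker keeps nested shells, such as the tmux panes from the question, silent. `ROOT_SESSION_NOTIFIED`, `NOTIFY_TO` and the address are names and values made up for this example.

```shell
# Added example for root's ~/.bashrc; not from the thread.
# NOTIFY_TO and ROOT_SESSION_NOTIFIED are names chosen for this example.
NOTIFY_TO=${NOTIFY_TO:-admin@example.invalid}   # placeholder address

# Print the notification (mail headers, blank line, body) on stdout.
root_session_message() {
    printf 'To: %s\n' "$1"
    printf 'Subject: root shell opened on %s\n\n' "$(uname -n)"
    # logname reports the user who originally logged in, even after su.
    printf 'login user: %s\n' "$(logname 2>/dev/null || echo unknown)"
    printf 'tty: %s\n' "$(tty 2>/dev/null || true)"
    printf 'time: %s\n' "$(date)"
}

# notify_root_session RECIPIENT COMMAND [ARGS...]
# Pipes the message to COMMAND once per session. The exported marker is
# inherited by every child shell (tmux panes, subshells), which then skip it.
notify_root_session() {
    if [ -n "${ROOT_SESSION_NOTIFIED:-}" ]; then
        return 0
    fi
    # Set the marker before sending so a failing mailer is not retried
    # by every new pane.
    ROOT_SESSION_NOTIFIED=$$
    export ROOT_SESSION_NOTIFIED
    _rcpt=$1
    shift
    root_session_message "$_rcpt" | "$@" || return 1
}

# Act only in an interactive shell running as root, so sourcing this file
# from a script or as another user does nothing.
case $- in
    *i*)
        if [ "$(id -u)" -eq 0 ]; then
            notify_root_session "$NOTIFY_TO" /usr/sbin/sendmail -t
        fi
        ;;
esac
```

A bare su keeps the caller's environment, so a marker already set there would suppress the mail; su - starts from a clean environment, which fits the login-shell advice given earlier in the thread.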