1
who命令从/var/adm/utmpx中读取信息The command reads the binary file
/var/adm/utmpx to obtain this information and information about where
the users logged in from.
The who -m command outputs information about only the current
terminal window.
rusers -l从/usr/lib/netsvc/rusers/rpc.rusersd读取信息
finger -l
finger -m从/etc/passwd文件读取信息
last 从/var/adm/wtmpx文件读取信息
last -n 5 reboot
reboot system boot Wed Feb 20 13:20
reboot system boot Wed Feb 20 13:18
reboot system boot Fri Feb 1 12:46
reboot system boot Thu Jan 17 09:02
reboot system boot Thu Jan 17 08:55
# last user9
user9 console :0 Mon Dec 17 10:38 still logged in
user9 console :0 Fri Dec 14 10:18 - 10:25 (00:07)
(output truncated
You can log failed command-line login attempts in the
/var/adm/loginlog file.默认情况下,此文件不存在,需手动建立
# touch /var/adm/loginlog
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog
su - username
who am i
$ su user2
password: EnterPassword
$ who am i
user1 pts/2 Dec 17 12:18 (129.147.4.12)
An alternative to the who am i command is the who -m command.
whoami The whoami command resides in the /usr/ucb directory.
$ whoami
user1
$ pwd
/export/home/user1
$ su
password: EnterPassword
# whoami
root
Dec 17 12:35:47 sys41 su: ’su root’ failed for
usera on /dev/pts/2
会记录到/var/adm/messages下面
/etc/default/su文件里可指定su命令记录的日志位置,默认是/va/adm/sulog文件
# more /var/adm/sulog
SU 10/20 14:50 + console root-sys
SU 10/20 16:55 + pts/2 user3-root
SU 11/05 11:21 - pts/3 user1-root
有密码的用户,在登陆时会经过文件/etc/hosts.equiv 、 $HOME/.rhosts的验证
这两个文件系统默认不存在
The host names in the /etc/hosts.equiv and $HOME/.rhosts files must
be the official name of the host, not one of its alias names.
The /etc/hosts.equiv file is not checked at all if the remote user
requesting local access is the root user.
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/40476/showart_326403.html
页:
[1]