2003-01-21T03:44:48 Pinel Pierre-Marc:

> I need to log the use of the adduser command on a Red
> Hat server.
>
> Is there any other solution than to modify command and
> doing a script that logs an event.

The easiest solution to implement, especially for a one-off, would be

    mkdir /usr/sbin/_real
    # If adduser is a relative symlink, re-create it here with an absolute target instead of mv
    mv /usr/sbin/adduser /usr/sbin/_real/adduser
    # Quoted delimiter: $# and "$@" are written literally, not expanded now
    cat >/usr/sbin/adduser <<-'Eof'
    #!/bin/sh
    # Log the arguments to syslog ("--" keeps logger from parsing them as its own options)
    test $# -gt 0 && logger -p auth.info -t adduser -- "$@"
    # Hand off to the relocated original
    exec /usr/sbin/_real/adduser ${1+"$@"}
    Eof
    chmod 755 /usr/sbin/adduser

(_real used because /usr/sbin/adduser is a symlink to /usr/sbin/useradd, so I fear it might be dispatching on basename $0 to determine behavior). It might be more complete to wrap useradd instead.

That's sort of an honor-system logging setup; anybody who knows what's been done can hit the original, unwrapped command to bypass the logging. To prevent that, just yank normal full root privs from the people whose adduser-use you want to log, and give them sudo permission to run the wrapper.

If you've got lots and loads of systems, whatever solution you end up liking to implement could be rpmmed, either by re-wrapping shadow-utils (the package that owns adduser) or by wrapping an addon that depends on shadow-utils, installs the wrapper under a distinct name, then does symlink-switching in postinstall and preremove sections. Re-wrapping shadow-utils is far cleaner, since that's what you have to do to get rpm -V to keep working right.

Or, put your wrapper in some other directory besides /usr/sbin/, that's earlier on the paths of the users whose use you want to log.

-Bennett
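
One way to check for the bypass described above (someone running the unwrapped command), as an added example that is not part of the original post: compare the wrapper's syslog lines against the accounts that actually exist. The function names, file names, sample data and the UID floor of 500 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Lists accounts in a passwd file
# that have no matching "adduser:" syslog line from the wrapper, i.e. accounts
# created before the wrapper existed or by calling the unwrapped binary.

# unlogged_accounts LOGFILE PASSWDFILE [MIN_UID]
# MIN_UID defaults to 500 (assumed first non-system UID; adjust per site).
unlogged_accounts() {
    awk -v min="${3:-500}" '
        pass != 2 {                        # first file: syslog
            # logger -t adduser writes "<timestamp> <host> adduser: <args>"
            if (match($0, / adduser: /)) {
                n = split(substr($0, RSTART + RLENGTH), args, " ")
                if (n > 0) logged[args[n]] = 1   # useradd takes LOGIN last
            }
            next
        }
        {                                  # second file: passwd
            split($0, f, ":")
            if (f[3] + 0 >= min && !(f[1] in logged)) print f[1]
        }
    ' "$1" pass=2 "$2"
}

# write_sample DIR: constructed sample data, not real logs.
write_sample() {
    cat >"$1/secure" <<'EOF'
Jan 21 09:12:01 rh1 adduser: -m -g users alice
Jan 21 09:12:40 rh1 sshd[812]: Accepted password for ops from 10.0.0.5
Jan 21 09:30:17 rh1 adduser: -c Bob_Smith bob
EOF
    cat >"$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:100::/home/alice:/bin/bash
bob:x:501:501:Bob_Smith:/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
unlogged_accounts "$demo_dir/secure" "$demo_dir/passwd"   # prints: carol
rm -rf "$demo_dir"
```

Accounts that predate the wrapper will also be listed, so the first run is a baseline rather than a finding.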
This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 10:45:21 PST