setuids_example.txt   [plain text]


The following is an example of setuids.d. Login events in particular can
be seen, along with use of the "su" command.

   # ./setuids.d 
     UID  SUID  PPID   PID PCMD         CMD
       0   100  3037  3040 in.telnetd   login -p -h mars -d /dev/pts/12
     100     0  3040  3045 bash         su -
       0   102  3045  3051 sh           su - fred
       0   100  3055  3059 sshd         /usr/lib/ssh/sshd
       0   100  3065  3067 in.rlogind   login -d /dev/pts/12 -r mars
       0   100  3071  3073 in.rlogind   login -d /dev/pts/12 -r mars
       0   102  3078  3081 in.telnetd   login -p -h mars -d /dev/pts/12
   ^C

The first line is a telnet login to the user brendan, UID 100. The parent
command is "in.telnetd", the telnet daemon spawned by inetd, and the 
command that in.telnetd runs is "login".

The second line shows UID 100 using the "su" command to become root.

The third line has the root user using "su" to become fred, UID 102.

The fourth line is an example of an ssh login.

The fifth and sixth lines are examples of rsh and rlogin.

The last line is another example of a telnet login for fred, UID 102.