So you want to check who have ever accessed your Solaris system. Tracking or monitoring users on a system is quite an important part of ‘Solaris Adminstrators’ role.
There are two parts to it:
– Who is currently logged in
– Who has previously accessed this machine
To the details of users who are currently logged in to the system, fire the following command:
This gives the limited details of the user logged in. If you also want to know who is running what program, there is another command:
But this is only about the users who currently logged in to the system. What about if they logged out some time back. Or if they used your system when you were not monitoring? No worry …
This command records all login and logouts. So you may have to use more or less to control the output.
There is one more log that keeps record of user switching. So if anybody has used su command to swith to some other user it will keep a log of it under /var/adm/sulog. You can cat this file to see the output.
# cat /var/adm/sulog
SU 06/26 16:25 + syscon root-root
SU 06/26 17:39 + syscon root-root
SU 07/02 11:11 + console root-sysadmin
SU 07/02 11:19 + console root-mgreen
SU 07/07 09:11 + pts/1 sysadmin-root
SU 07/08 10:45 + pts/4 testuser-root
So if somebody logged in as root directly then it would come under last command and if someone is logging in as normal user but later switching to root with ‘su’ command you can check that in the sulog.
Now you have complete information of users logging in to your system.