This is disabled by default on Ubuntu.
Read your /root/.bashrc
:
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
# . /etc/bash_completion
#fi
Bash completion is all commented out. Apparently there's a reason for it I'm not aware of (recovery single user mode perhaps?).
The reason for why it does work when you do sudo su
, sudo -s
, sudo bash
is that it doesn't really run login
to make you completely root. When running sudo su -
or sudo -i
it really does completely logs you in as that user. Here, by example of the environment variable $HOME
, more of this difference:
gert@gert-laptop:~$ id
uid=1000(gert) gid=1000(gert) groups=1000(gert),4(adm),7(lp),24(cdrom),27(sudo),[...]
gert@gert-laptop:~$ echo $HOME
/home/gert
gert@gert-laptop:~$ sudo -s
root@gert-laptop:~# id
uid=0(root) gid=0(root) groups=0(root)
root@gert-laptop:~# echo $HOME
/home/gert
root@gert-laptop:~# exit
gert@gert-laptop:~$ sudo su -
root@gert-laptop:~# id
uid=0(root) gid=0(root) groups=0(root)
root@gert-laptop:~# echo $HOME
/root
Well, this is being done your shell itself. Apparently it is monitoring the file (or directory) pointed by the MAIL
(or MAILPATH
) environment variable.
This is documented in man bash
:
MAIL
If this parameter is set to a file or directory name and
the MAILPATH variable is not set, bash informs the user of the arrival
of mail in the specified file or Maildir-format directory
On a different note the contents of motd
is actually governed by the PAM module pam_motd
(the shell might have something to add though as per user configuration files).
By default pam_motd
shows the static content of the /etc/motd
file along with the dynamic outputs generated from running scripts in the /etc/update-motd.d
directory (using run-parts
).
Best Answer
I assume the root account is not enabled (as it is by default), so only
sudo -i
is applicable for a user to become root. My suggestion is the following script that uses the commandswho -u
andpgrep -at <tty parsed from who -u>
to find whichuser
on whichtty
have executed the commandsudo -i
.Explanation:
who -u
shows the users logged on with the PIDs of their sessions. ProbablyLANG=C
is not mandatory - it is placed to guarantee identical time/date format on machines with differentlocale
's settings.The loop
while
willdo
the commands while there is stream on the stdin.The command
read -a
will read the input stream line by line and will assign these lines as an array to the "variable"$line
. We could output the whole line by a command as:echo "${line[@]}"
. So${line[1]}
means the second variable of the array$line
(the first is0
). In the current case${line[1]}
is the TTY from the output ofwho -u
.Here is a simple script that will output a "table" with the relations betwen the array elements and their values:
The output of the command
pgrep -at "${line[1]}" | grep 'sudo -i'
will be signed as value$()
to the variable$IS_ROOT
.The command
pgrep -at "TTY"
will output the PIDs of all processes on certain TTY - option-t
--terminal
, and the option-a
--list-name
will list the PIDs and processes names.The expression
[[ ! -z "${IS_ROOT}" ]] &&
could be read in this way: if[
the variable"${IS_ROOT}"
is not!
empty-z
then&&
or else||
.The
printf
command is used to format the output (reference):Finally
sed '/grep sudo -i/d'
will delete the unattended line (that contains our commandgrep 'sudo -i'
) from the output ofwhile
andsort -k13 -k6
will sort the output by columns 13 and 6.Call the script
find-root
, make it executable (chmod +x find-root
) and execute it.Here is a simple output:
Here is a demonstration (in a
mutt
session) how the script works (in its previous version):Place the script in
/usr/local/bin
to make it available as shell command. To do that, copy and execute the following lines as single command:Explanation:
The command
cat << EOF
will output the next lines unless the stringEOF
is encountered. Note the backslashes\$
that will escape the special character$
and it will be outputted literally within cat.This output will be piped
|
to the stdin of the commandtee
(executed bysudo
) that will write the file/usr/local/bin/find-root
.If the previous command is successful
&&
the commandsuddo chmod +x
will be executed.See also:
How do I get the list of the active login sessions?
How do I list logged-in users without duplicates?
Why is it bad to log in as root?
How to enable root login?