Find logon user based on executed script proc id

tmalik79 · January 21, 2014, 7:50am

Hi,
i have requirement to find logged in user based on process id. i have below scenario.

all my users will logon to unix box using ssh from windows system.
after successful logon they will sudo to common user. ex. sudo -su edadm

lot of users are executing jobs from edadm user and want to find out who executed particular job.

using ps -eaf command i am able to find out process id and user name but that is displaying edadm user. But i want to know actual user name who logged on to system and executed that particular script.

Ex. User1 is logged into unixbox and executed sudo su - edadm and executed script1.
edadm 18892 12778 0 04:28 pts/20 00:00:00 script1
I am able to see edadm user is executing script1 but my expectation is to find out USER1 because he is the one who is executing script.

RudiC · January 21, 2014, 8:40am

You may want to try sth like

{ echo $$; ps -elf ; } | 
awk     'NR==1          {PID=$1; next}
                        {USER[$4]=$3; PPID[$4]=$5}
         END            {ME=USER[PID]
                         while (USER[PID]==ME) PID=PPID[PID]
                         print USER[PID]
                        }
        '

rbatte1 · January 21, 2014, 12:55pm

If the terminal is pts/20 , then:-

ps -ft pts/20

Of course, this only works whilst the process is running. Perhaps you need to code some tracing/logging into your scripts to write messages to the syslog. When switched to another account, the syslog message is still written by the user who originally logged on. Use the logger command.

It may be as simple as putting:-

logger "in $pwd running \"$0\" with parameters \"$*\""

.... into your scripts. The \" will allow you to get a quote into the logged message.

I hope that this helps,
Robin
Liverpool/Blackburn
UK