I am trying to find the original user who executed a command on my development server.
In my dev server users login using their personal id and sudo to a common id using 'sudo -u commonid -i'. Once logged in as sudo they execute the commands. I am trying to identify the long running jobs on my server. Since all users are logged in as commonid while executing the commands, I am not able to find the actual user and alert them. Kindly share your thoughts.
Please note that I am not a root user and do not have root access
You are stuck not being root. If you were root you could execute a command to find the process tree - probably ptree . This lets you step backwards from a running process through the processes that created it.
Not being root means you cannot do that. I cannot come up with a workaround. The sudo log won't help much, based on your description.
You could just run something quick and dirty as a regular user, here is a starter for 10!
for i in `who -u | awk '{ print $1 }' | sort -u`; do echo "Processes for ${i}"; ps -u ${i} | sort -n; done
It will obviously get more info than you want, but by adjusting the sort to something like sort -t " " -k 1,1 -k 2,2 you'll have to check the exact syntax using man sort but this should get you going.
FWIW - if some process runs a long-running process, chances are good the code calls setsid() otherwise the user's process would be required to stay there waiting for the process to end, and the person who started the process would have to wait for termination.
setsid() creates a new session, allowing the process to be left running without tying up the process that started it.
This means that ptree is required, or messing with a lot of ps output as mentioned
above. ptree may mean root is required.
On googling, the long running process will have these envrionment variables set:
SUDO_UID Set to the user ID of the user who invoked sudo
SUDO_USER Set to the login of the user who invoked sudo
So if tell us your OS we can tell you, probably, how to look at the environment variables in the long running process, example for Solaris:
psargs -e [pid of long running process] | grep SUDO
Identify the long running process and get the start time of that by using "ps"
Get the output of the user logged in by using "last" command and identify the users who all was logged in during that particular time from the login duration