quick question

Hi,

At best I'm a junior admin with a big problem.
My developers have got my root password and mgmt insists they need it.

I can't even change it when people knowing it leave.

I'm certain they've hardcoded it into routines. I've searched my servers and grepped everything & can't find it.

I think I know what's going on and now I'll get to the point.

I inserted the date command into the .profile script, redirecting the output to a log. I followed that with a who, also directed to the log.

The .profile is executed multiple times per night, but the who command isn't producing any output. I've checked and when ftp'ing into a box, I don't appear via a who.

I think they've got root's password hardcoded into ftp routines on remote boxes.

I've searched and there was a post, by ytakbob, 9/28/2006, titled FTP Server Log. I read it and all the replies I found and it didn't appear to have been answered.
I'm also in an AIX 5.2 environment.

Can I post the same question? Or, was there a reply posted that I haven't found that suggests a way to track/log ftp's coming into my server?

I'm not going to be able to do anything unless I can prove they've got my password hardcoded into routines.

Just as an FYI, I know how to get around their perceived 'need' for root access, but mgmt is resolved to follow through on this long-gone consultant's plan.

Thanks in advance for any guidance you might be able to offer.

Please post questions to an appropriate forum. Post Here to Contact Site Administrators and Moderators, where you posted your question, has a description that reads "Make Suggestions About Forums, Features, or Content here. Discuss Rules and Guidelines. Get Forum Support Here. (Registered Users Only)". You're not doing anything like that in this thread. I have moved this thread to the AIX forum.

Also, please try to use a more informative title. Your post isn't even one that could accurately be called "quick". As for your first question, yes, when a post which is a more than a couple old was not answered, the question can be asked again and this is not considered a violation of rule 4.

I don't use AIX, but see this doc which tells how to enable logging:
http://publib.boulder.ibm.com/infoc...xcmds2/ftpd.htm

But ftp does not use a shell and should not cause .profile to be run. I get the impression that you think otherwise. Try it. Connect via ftp and see if your .profile adds a line to your log file.

Perderabo, your link seems to be incomplete.

Looks like -d and -l are the flags...

last root

should give you an idea who logged in (ip or name if remote login) and if he/she used ftp.

Just a suggestion: you may install a keylogger for AIX, if present.

Sharing root passwords with developers? Why on earth would they need root access? [Give them sudo for starting an apache or so which needs to bind port numbers less than 1024?] I would resign the next day / take no responsibility if I was the sysadmin of that box.

If I were you and I still needed the job, I would change the root password and search for any setuid programs [which the developers might have created], audit the sudoers files and take the system clean. If you do not know the root password, take the machine to maintenance mode, access the rootvg and amend /etc/passwd.

Regds,

Kaps
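
Following up on the `last root` suggestion in the thread, an added example (not part of any post): a shell filter that tallies root FTP sessions by remote host from `last` output, which shows where scripted root logins originate even though they never run .profile or appear in `who`. It assumes `last` records carry the user, line and remote host in the first three columns and that FTP sessions have a line name beginning with `ftp`; the sample records and host names are constructed.

```shell
#!/bin/sh
# Summarise root logins recorded by `last`, split by how the session arrived.
# Assumption: each record looks like
#   user  line  remote-host  start - end (duration)
# and FTP sessions have a line name starting with "ftp". Verify this on your
# own system by making one test FTP login and running `last` afterwards.

# Constructed sample records (not taken from a real system).
sample_last() {
cat <<'EOF'
root      ftp        devbox1.example.com   Oct 12 02:10 - 02:11  (00:01)
root      pts/0      adminws.example.com   Oct 12 09:02 - 09:40  (00:38)
root      ftp        devbox2.example.com   Oct 12 02:15 - 02:15  (00:00)
root      ftp        devbox1.example.com   Oct 13 02:10 - 02:11  (00:01)
jsmith    pts/1      devbox1.example.com   Oct 13 10:00 - 10:05  (00:05)
EOF
}

# Read `last` records on stdin; print "count host" for root FTP sessions,
# busiest source first.
root_ftp_by_host() {
    awk '$1 == "root" && $2 ~ /^ftp/ { n[$3]++ }
         END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

# Count root sessions that did not arrive over FTP (terminal logins).
root_interactive_count() {
    awk '$1 == "root" && $2 !~ /^ftp/ { c++ } END { print c + 0 }'
}

# On the server itself: last root | root_ftp_by_host
sample_last | root_ftp_by_host
```

Each host in the output is a machine to search for the stored password, and the session start times in the raw `last` records can be matched against the nightly job schedule.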