I'm attempting to set up rootsh on Solaris 10 to log the activity of users who require root access. However, it does not appear to be sourcing root's .profile file even when run with the '-i' option. I was wondering if anybody else has run into this and might have a solution.
However, it does not seem to source root's .profile or .bash_profile, so my prompt remains unchanged and I don't inherit root's PATH, even though if I run an 'id' or 'who am i' I am effectively root.
I have yet to try on Solaris 9 to see if it has the same behavior as the INSTALL file mentions only Solaris 9 as having been tested.
As I already wrote, rootsh is sourcing your profile, not root's one. You might detect who is sourcing your profile and set the PATH, HOME and whatever accordingly as a workaround.
Thanks, you are right, it is still sourcing my profile. If I manually set my $HOME variable to / then it sources root's profile.
What I've done is set up an if-then statement that checks the $LOGNAME of the user. If it's root then it runs root's profile. This appears to be working well as a workaround.
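A sketch of the workaround described in the two posts above, for the invoking user's own ~/.profile. This is an added example, not code posted by anyone in the thread; the names load_root_profile, ROOT_HOME and USER_HOME are assumptions, and ROOT_HOME defaults to / because that is the value the poster set $HOME to.

```shell
# Constructed example for the end of the invoking user's ~/.profile.
# ROOT_HOME is an assumed variable; "/" is the root home used in this thread.
ROOT_HOME=${ROOT_HOME:-/}

# load_root_profile: when the session runs as root (LOGNAME=root) but HOME
# still points at the invoking user's directory, switch HOME to root's home
# and source root's .profile so PATH and the prompt come from root's settings.
# Returns 0 if root's profile was sourced, 1 if nothing was changed.
load_root_profile() {
    [ "$LOGNAME" = "root" ] || return 1        # ordinary login: leave as is
    [ "$HOME" != "$ROOT_HOME" ] || return 1    # already in root's environment
    [ -r "$ROOT_HOME/.profile" ] || return 1   # no readable root profile
    USER_HOME=$HOME                            # remember whose profile ran first
    HOME=$ROOT_HOME
    export HOME USER_HOME
    . "$ROOT_HOME/.profile"
    return 0
}

# Runs on every login; a non-root login simply falls through.
load_root_profile || :
```

Because this lives in a file the unprivileged user can edit and that is read by a root session, keep that file's permissions and contents under the same review as the rootsh logs themselves.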
Root login is a bad practice but raising someone's privileges to perform administrative tasks is both correct and unavoidable.
ACL is one way, sudo is another one and RBAC is probably the best one with Solaris. rootsh is a portable wrapper that logs every command run by a user granted root access. Quite a good security compromise.
I agree but you misunderstood my replies, perhaps because you do not know what rootsh is. Users whose tasks require full root access are by definition sys admins. Whether they are reliable / skilled or not is a totally different issue.
PS: not sure about why you use that "jigi" nickname but please use jlliagre instead.