Thursday, November 1, 2012

Show who ran that sudo command

When you have a server used by many people its often understood that you should be considerate when running certain programs or if you plan on utilizing lots of CPU. Sometimes that consideration flys out the window. When that happens i like to track down who the douchebag is. Here are some ways you can find out the person.

PSTREE
pstree -aUhu
run that command and you will see a pretty tree being drawn to your terminal. reading through the output will show you the commands, their arguments, what process is the parent, and if the user changed. This command has yet to fail me in determining process ownership.

PROC
/proc/PID/environ
grab the PID of the process that is in question using either 'pidof' or just copying it out of 'ps aux'. Once you have the PID, cat the file above (while replacing "PID" with the copied PID) and it will output the enherited environment variables of the process, which includes the "SUDO_USER=jim" variable.

No comments:

Post a Comment