Thorne Lawler wrote: > I would be inclined to say that root su-ing to any other user is not > something I want to raise an alert for.
root su'ing to another user is a popular method of bypassing what little security controls are available in most popular network file systems. It seems like it would be a wiser choice to correlate the running of a cron job to the su'ing of a user and suppress that warning instead. -- -dave
