And i honestly don't know where to file this request but i hope the programmer of /usr/sbin/reboot can help me.
On our production machines It Ops use the root account to perform system/configuration changes and the Rc uses a special rc account with root priviledges. Once in a while servers are rebooted and nobody knows (or says) who did it. Syslog only says:
Jan 14 14:15:12 server01 reboot: [ID 662345 auth.crit] rebooted by rcuser
Can the programmer of /usr/sbin/reboot add an extra syslog function so the pts/tty gets logged too? That would really help us and maybe alot of other admins. We don't want to use special patches or log programs to investigate
who does these things. The only information that's been given is ineduqate to trace these accidents/abuse. If this feature would be implemented it would make Solaris a better product imo. I don't know if this could be implemented or not but can this at least be evalluated? Maybe 'init' should be changed too.
With kind regards,
Erick.