
The title pretty much captures everything. I'm on Linux, and I want to find out when a particular user was added to or removed from a group. Some Googling leads me to believe it is possible in Windows, but I couldn't find anything relevant for Linux.

ekad
user10

1 Answer


In Linux it depends:

If you're just using files you need to watch /etc/group and look at the timestamps of changes on that, from archived copies or live. (Assuming you take regular snapshots or can watch this file).

If you're using LDAP you can look at the modification dates (modifyTimeStamp) on individual entries in the DIT. If you want to make this robust and reliable then the nicer option would be to implement it as an overlay (assuming OpenLDAP), or simply use the existing audit overlay.

There are other NSS modules (e.g. nis/nis+), but I'm not so familiar with them.

Flexo
  • Thanks for the prompt reply. We use LDAP. I'm not sure how I can "look at the modification dates on individual entries in the DIT", but I'm sure Google would know :) – user10 Mar 31 '11 at 16:13
  • It's an "operational attribute", not normally exposed by default (e.g. ldapsearch -x), but you can make ldapsearch show it by using + (e.g. ldapsearch -x +) – Flexo Mar 31 '11 at 16:21
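
The file-based approach from the answer above (comparing archived copies of /etc/group), as an added example that is not part of the original posts. The snapshot contents, timestamps, user and group names, and function names are all constructed for illustration.

```python
# Constructed sample data: three dated copies of /etc/group (e.g. from backups).
SNAPSHOTS = [
    ("2011-03-29T00:00", "root:x:0:\nwheel:x:10:alice\ndev:x:1001:alice,bob\n"),
    ("2011-03-30T00:00", "root:x:0:\nwheel:x:10:alice,bob\ndev:x:1001:alice,bob\n"),
    ("2011-03-31T00:00", "root:x:0:\nwheel:x:10:alice,bob\ndev:x:1001:bob\n"),
]


def parse_group(text):
    """Parse group(5) content into {group_name: set_of_members}."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4:  # blank or malformed line
            continue
        name, _passwd, _gid, members = fields
        # Only supplementary members are listed here; a user's primary
        # group lives in the GID field of /etc/passwd and is not covered.
        groups[name] = {m for m in members.split(",") if m}
    return groups


def membership_changes(snapshots):
    """Return (after, not_later_than, action, user, group) tuples.

    A change can only be dated to the window between two snapshots,
    so both bounds are reported.
    """
    events = []
    prev_ts, prev = None, None
    for ts, text in sorted(snapshots):  # ISO 8601 strings sort chronologically
        cur = parse_group(text)
        if prev is not None:
            for group in sorted(set(prev) | set(cur)):
                before = prev.get(group, set())
                after = cur.get(group, set())
                for user in sorted(after - before):
                    events.append((prev_ts, ts, "added", user, group))
                for user in sorted(before - after):
                    events.append((prev_ts, ts, "removed", user, group))
        prev_ts, prev = ts, cur
    return events


if __name__ == "__main__":
    for event in membership_changes(SNAPSHOTS):
        print(*event)
```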