access user history as root


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting access user history as root
# 1  
Old 06-23-2009
access user history as root

Hi,

I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history?

thank you,

S
# 2  
Old 06-24-2009
if you are the root user, how about adding this line in your /etc/bashrc file:
Code:
export PROMPT_COMMAND='history -a'

this will flush bash_history after each command.

edit: some people might see this as a security risk, see this
# 3  
Old 06-24-2009
Quote:
Is there a way I can still access his most recent history?
Yogesh provides a really cool answer. But it works only after the user's next login or shell session. What if you want to do this in real time? You'd have to examine the user's shell's memory to see what commands have been run. It'd be a bit cryptic, but it can be done. Use gcore (provided with gdb) to dump the core. Make sure you have lots of free disk space in your current dir and then run gcore <pid>. After this, you can hunt and search with:
Code:
strings core.11342 | less # pid is an example

Start searching for the last line recorded in the user's history file; lines after that could be the ones you are looking for.
# 4  
Old 06-25-2009
Quote:
Originally Posted by otheus
Yogesh provides a really cool answer. But it works only after the user's next login or shell session. What if you want to do this in real time? You'd have to examine the user's shell's memory to see what commands have been run. It'd be a bit cryptic, but it can be done. Use gcore (provided with gdb) to dump the core. Make sure you have lots of free disk space in your current dir and then run gcore <pid>. After this, you can hunt and search with:
Code:
strings core.11342 | less # pid is an example

Start searching for the last line recorded in the user's history file; lines after that could be the ones you are looking for.

interesting thought. How about logging out the user session. This should flush the contents of his history into the file. Is it possible to force logout a user? Secondly, is it possible to flush his existing history in memory to file without logging him out?

really the history command should have a -u (user) option for the root that could take in a session/pid parameter as well..

There is a small issue with yogesh's approach. If you have multiple sessions open to a host then all will write to the same history file. this can cause potential issues..
# 5  
Old 07-01-2009
Quote:
Is it possible to force logout a user?
Yes. Just kill the login process or shell (with -1).

Quote:
Secondly, is it possible to flush his existing history in memory to file without logging him out?
Possibly. In theory you could "inject" a command to the user's TTY input stream. This command might be "exec $SHELL" for instance, which would flush the history to disk and resume the session pretty much as-is.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

On korn shell, how to share history between regular user and root?

I'm exploring OpenBSD and want to stick to its default shell, which is ksh. My goal is for my regular user ("bruno") and root user to have a shared history file. However, it seems that when running as root, ksh refuses to write to a HISTFILE that is owned by non-root user. This illustrates the... (3 Replies)
Discussion started by: DevuanFan
3 Replies

2. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

3. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

4. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

5. UNIX for Dummies Questions & Answers

History to Another file [local user history , but root access]

Hi all, My need is : 1. To know who , when , which command used. 2. Local user should not delete this information. I mean , with an example , i can say i have a user user1 i need to give all the following permissions to user1, : a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies

6. UNIX for Advanced & Expert Users

History to Another file [local user history , but root access]

Hi all, My need is : 1. To know who , when , which command used. 2. Local user should not delete this information. I mean , with an example , i can say i have a user user1 i need to give all the following permissions to user1, : a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies

7. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

8. UNIX for Advanced & Expert Users

How to access all user history file

Team , using fc command we can get details of our history file .. Is it possible to get the same result for different user from root.. Actually I need to collect all the stuff from select users history file for day to day basis. thanks in advance .. (2 Replies)
Discussion started by: rgpai9972
2 Replies

9. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

10. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies
Login or Register to Ask a Question