On Mon, Dec 17, 2012 at 02:03:03PM +0000, Stuart Henderson wrote: > Wouldn't it be better to use an ssh forced command, which then looks > up the users desired shell (or other command called directly from ssh) > and wraps it in a logger?
ForceCommand runs under destination user permissions so if you won't make your ForceCommand app setuid the user could delete the log file. jirib
