On 10/16/2012 07:52 AM, Tiziana Manfroni wrote: > Hi, I have some users that delete .history file (in tcsh shell), so I > can't see their commands. > Can I disable the command "unset history"? > If it is not possible, what can I do?
You can't really prevent a user from altering their environment (it's just an instruction to their shell which is under their control). If you need to keep a record of the commands that users are running you could consider either forcing them to use sudo if it's mainly administrative things you're interested in or use the audit subsystem to record what is being executed on the system (although you won't get full command line arguments). Other than that there are things like snoopylog that use an execve-wrapper to intercept calls to run commands and log full arguments. This comes with some overhead though and would reveal e.g. passwords typed in commands. Recent versions of bash can also be compiled with syslog support by defining SYSLOG_HISTORY but if your users are hooked on tcsh that probably won't help (I don't think it's enabled in the Fedora builds anyway). Regards, Bryn. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
