Tuesday, November 13, 2007

Keeping separate history files for users who su to root

If you're like me and work for a company that has many Linux admins all logging into servers and then su'ing to root, you may find this tip beneficial. It is simply 3 lines that you add to root's .bash_profile, which will keep a separate history file for each admin who su's to root, recording the commands they ran. It will allow you to go back and see what the user did as root. Granted, the user could delete the history file, but we are only interested in keeping separate history files and going back to review them if necessary. You may need to implement a policy or have an agreement with the admins which states that no one will delete the history files.

So if you're ready to try this out, fire up vi and add the lines below to root's .bash_profile:

export HISTSIZE=3000
export HISTFILESIZE=5000
export HISTFILE=/root/.bash_hist-$(who am i | awk '{print $1}';exit)

Save the file and you're good to go. Now when an admin logs in, su's to root and logs out, a hidden file called .bash_hist-userid will be created in root's home directory.

Here's an example:

If user jsmith logged in and then su'd to root, you would see a file called .bash_hist-jsmith in the root home directory after the user logs out. Hope this helps :)

This tip is courtesy of my senior admin Steve V.

Have fun!


Anonymous said...

The syntax up there looks incorrect, e.g. there is at least one typo between the "who am i" and the "awk" command; also: shouldn't there be a pipe "|" between them?

moonpup said...

You are correct! Guess my cut and paste went awry. Thanks for letting me know, it has been corrected.

Anonymous said...

I think this method is useless:

1) What if people use "su -" to obtain a root shell? Then "whoami" will report root instead of the userid that people were using before su.

2) sudo is far better than su, especially in this case (i.e., several admins for the same machine). You can disable su by setting an invalid root password, but still grant sudo access to those admins.

moonpup said...

Actually, it will create a history file of the userid who su'd to root. That is the purpose of this shell code. Read it again, or for that matter just try it. It works exactly as I have stated.

As for sudo, this script does not pertain to that command. This code simply creates a separate history file for the user who su'd to root with their user id. No more, no less.

Mike said...

In regards to the anonymous post above claiming uselessness, re-read the post. It uses the "who" command, not "whoami"

I would maybe re-write the script to read "who -m" rather than "who am i" to just make sure people don't get mixed up.

dhani said...

This is very useful "tuning/tweak".

thank you... :)

jose said...

But I think you can have problems if you have several users working at the same time, because awk is showing you the first column, so if you have, robert, jose, and philip, the standard out of awk '{print $1}' is robert\njose\nphilip.

Perhaps I'm not right, but I think it...

Anonymous said...

Nice... this is going in my root's .bashrc - thanks.

BTW, you could drop the redundant "exit" - or am I missing something?

Seth said...

What a great way to use "who am i". One question - why is the "exit" necessary? I understand that it's causing the subshell to finish, but won't it anyways?

moonpup said...

Hi Jose,

To address your question, this will not happen. This script will pull the effective uid of the user from the tty they came in on.

Now if a user shared his id and password with someone else and they both logged in at the same time and su'd to root at the same time, then I think something would either blow up or get overwritten. In the big scheme of things this should not happen.

moonpup said...

To Anonymous and Seth,

First, this code goes in the .bash_profile and NOT .bashrc

Second, the exit command is a holdover from the Unix days where the script would sometimes hang. It is most likely not needed here, but I haven't tested without it as it works as required :)

GnuTzu said...

Great for when multiple people are working as root; you don't have to look at someone else's commands when browsing through history. This tends to happen during critical events where you need to be able to concentrate on what you're doing. Anyway, this is also supposed to work for ksh (typically used on AIX and Solaris--though .profile is then the correct place for the settings). Great post, thanks.

frankb said...

Hi again moonpup,

I mentioned .bashrc instead of .bash_profile to avoid the default ~/.bash_history being selected as HISTFILE if the rootly user spawns another X terminal.

By choosing .bashrc it gives each user the same HISTFILE whether called at login (when .bash_profile & .bashrc both run) or each time they open a shell (when .bashrc runs, but .bash_profile does not).

One minor change I made is to aggregate HISTFILEs in a separate directory, which keeps down clutter if there are many admins:-

export HISTFILE=/root/.bash_hist.d/.bash_hist-$(who -m | awk '{print $1}')

Just remember to also 'mkdir /root/.bash_hist.d' first.

PS - Sorry for the previous AC post, laziness isn't *always* a virtue :)
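
An added example, not part of the original post or of any comment here: the three-line snippet combined with the `who -m` and separate-directory tweaks, plus handling for the case where `who -m` prints nothing (no utmp entry for the terminal) or prints something that is not a plain login name. The names `hist_owner`, `hist_path`, `setup_root_history` and `HIST_DIR` are hypothetical, and the sample lines are constructed.

```shell
# Added example, not the post author's code. Function and variable names are
# hypothetical; the directory default follows the layout suggested above.
HIST_DIR=${HIST_DIR:-/root/.bash_hist.d}

# hist_owner WHO_LINE: print the login name (first field) from one line of
# `who -m` output. Prints "unknown" when the line is empty or the field is
# not a plain login name, so the result is always safe as a file-name suffix.
hist_owner() {
    ho_name=$(printf '%s\n' "$1" | awk 'NR == 1 { print $1 }')
    case $ho_name in
        ''|.*|*[!A-Za-z0-9._-]*) ho_name=unknown ;;
    esac
    printf '%s\n' "$ho_name"
}

# hist_path WHO_LINE: print the per-admin history file path.
hist_path() {
    printf '%s/.bash_hist-%s\n' "$HIST_DIR" "$(hist_owner "$1")"
}

# setup_root_history: create the directory readable by root only, then
# export the same three settings the post uses.
setup_root_history() {
    ( umask 077; mkdir -p "$HIST_DIR" ) || return 1
    HISTSIZE=3000
    HISTFILESIZE=5000
    HISTFILE=$(hist_path "$(who -m 2>/dev/null)")
    export HISTSIZE HISTFILESIZE HISTFILE
}

# Constructed sample lines in the shape `who -m` prints.
SAMPLE_OK='jsmith   pts/3        2007-11-13 09:14 (10.0.0.5)'
SAMPLE_BAD='../../etc/x pts/4    2007-11-13 09:20'

# In root's start-up file, call the function after these definitions:
#   setup_root_history
```

Sessions that fall back to `.bash_hist-unknown` are the ones to look at during a review, since they could not be attributed to a login name.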


moonpup said...

Hi Frankb,

Thanks for the tip, those are some nice tweaks. Hope I can post some more which you might find helpful.

sysadmn said...

Another way to create a unique histfile is to use the tty. You can then lookup that tty in utmp to see which admin used that file.

HISTFILE=~/.hist$(tty | tr '/' '_')

Anonymous said...

This could be useful on a machine I support where the primary user also has the root password. I would like to monitor what he does as root. The problem is, he uses csh, or tcsh. If he su's to root, and then switches to csh, would this work?
