Solved

User administration

Posted on 2009-04-09
3
579 Views
Last Modified: 2013-11-17
Hello experts ,
Is there a way to add time stamp to shell histroy . The users are using ksh,and  How can I restrict the user from changing shells .
0
Comment
Question by:vishwakarmak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24111692
why do you want to do that?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24126057
Hello again,

time stamping is easy.
Just set the environment variable EXTENDED_HISTORY=ON and the history file will contain timestamps.
Control the format of the timestamp by setting the variable HISTDATEFMT to a string formatted according to 'date' rules, e.g. HISTDATEFMT=%m/%d/%Y-%T.
Add those variables to /etc/profile to have them set globally/permanenty. Consider making them read-only by adding
'readonly  EXTENDED_HISTORY HISTDATEFMT' to /etc/profile
Display the command history along with the timestamp by issuing 'fc -t'

Inhibiting the changing of shells is not that easy. Consider using 'rksh' instead of 'ksh'. From 'man rksh':

With a restricted shell a user cannot:
       *    Change the current working directory.
       *    Set the value of the SHELL, ENV, or PATH variable.
       *    Specify the pathname of a command that contains a / (slash).
       *    Redirect output of a command with > (right caret), >| (right
            caret, pipe symbol), <> (left caret, right caret), or >> (two
            right carets).


Additionally, you must remove /usr/bin/ from the PATH of those users, and construct a new directory, let's call it e.g. /usr/rbin containing links to the binaries of /usr/bin, except for the shells and perhaps some other stuff you don't want your users to execute. Remember to add this new directory to your users' PATH!
And most important: All programs/scripts your users must run have to be contained in their PATH, as there is no '/' allowed in commands with rksh.

Please ponder carefully if you really want to take such a pervasive measure only to inhibit changing shells!


Cheers and good luck!

wmp



0
 

Author Closing Comment

by:vishwakarmak
ID: 31568727
WMP,
Thank you so much for the detailed description.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question