Solved

User administration

Posted on 2009-04-09
3
574 Views
Last Modified: 2013-11-17
Hello experts ,
Is there a way to add time stamp to shell histroy . The users are using ksh,and  How can I restrict the user from changing shells .
0
Comment
Question by:vishwakarmak
3 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24111692
why do you want to do that?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24126057
Hello again,

time stamping is easy.
Just set the environment variable EXTENDED_HISTORY=ON and the history file will contain timestamps.
Control the format of the timestamp by setting the variable HISTDATEFMT to a string formatted according to 'date' rules, e.g. HISTDATEFMT=%m/%d/%Y-%T.
Add those variables to /etc/profile to have them set globally/permanenty. Consider making them read-only by adding
'readonly  EXTENDED_HISTORY HISTDATEFMT' to /etc/profile
Display the command history along with the timestamp by issuing 'fc -t'

Inhibiting the changing of shells is not that easy. Consider using 'rksh' instead of 'ksh'. From 'man rksh':

With a restricted shell a user cannot:
       *    Change the current working directory.
       *    Set the value of the SHELL, ENV, or PATH variable.
       *    Specify the pathname of a command that contains a / (slash).
       *    Redirect output of a command with > (right caret), >| (right
            caret, pipe symbol), <> (left caret, right caret), or >> (two
            right carets).


Additionally, you must remove /usr/bin/ from the PATH of those users, and construct a new directory, let's call it e.g. /usr/rbin containing links to the binaries of /usr/bin, except for the shells and perhaps some other stuff you don't want your users to execute. Remember to add this new directory to your users' PATH!
And most important: All programs/scripts your users must run have to be contained in their PATH, as there is no '/' allowed in commands with rksh.

Please ponder carefully if you really want to take such a pervasive measure only to inhibit changing shells!


Cheers and good luck!

wmp



0
 

Author Closing Comment

by:vishwakarmak
ID: 31568727
WMP,
Thank you so much for the detailed description.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now