Solved

User administration

Posted on 2009-04-09
3
577 Views
Last Modified: 2013-11-17
Hello experts ,
Is there a way to add time stamp to shell histroy . The users are using ksh,and  How can I restrict the user from changing shells .
0
Comment
Question by:vishwakarmak
3 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24111692
why do you want to do that?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24126057
Hello again,

time stamping is easy.
Just set the environment variable EXTENDED_HISTORY=ON and the history file will contain timestamps.
Control the format of the timestamp by setting the variable HISTDATEFMT to a string formatted according to 'date' rules, e.g. HISTDATEFMT=%m/%d/%Y-%T.
Add those variables to /etc/profile to have them set globally/permanenty. Consider making them read-only by adding
'readonly  EXTENDED_HISTORY HISTDATEFMT' to /etc/profile
Display the command history along with the timestamp by issuing 'fc -t'

Inhibiting the changing of shells is not that easy. Consider using 'rksh' instead of 'ksh'. From 'man rksh':

With a restricted shell a user cannot:
       *    Change the current working directory.
       *    Set the value of the SHELL, ENV, or PATH variable.
       *    Specify the pathname of a command that contains a / (slash).
       *    Redirect output of a command with > (right caret), >| (right
            caret, pipe symbol), <> (left caret, right caret), or >> (two
            right carets).


Additionally, you must remove /usr/bin/ from the PATH of those users, and construct a new directory, let's call it e.g. /usr/rbin containing links to the binaries of /usr/bin, except for the shells and perhaps some other stuff you don't want your users to execute. Remember to add this new directory to your users' PATH!
And most important: All programs/scripts your users must run have to be contained in their PATH, as there is no '/' allowed in commands with rksh.

Please ponder carefully if you really want to take such a pervasive measure only to inhibit changing shells!


Cheers and good luck!

wmp



0
 

Author Closing Comment

by:vishwakarmak
ID: 31568727
WMP,
Thank you so much for the detailed description.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question