Solved

User administration

Posted on 2009-04-09
3
571 Views
Last Modified: 2013-11-17
Hello experts ,
Is there a way to add time stamp to shell histroy . The users are using ksh,and  How can I restrict the user from changing shells .
0
Comment
Question by:vishwakarmak
3 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24111692
why do you want to do that?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24126057
Hello again,

time stamping is easy.
Just set the environment variable EXTENDED_HISTORY=ON and the history file will contain timestamps.
Control the format of the timestamp by setting the variable HISTDATEFMT to a string formatted according to 'date' rules, e.g. HISTDATEFMT=%m/%d/%Y-%T.
Add those variables to /etc/profile to have them set globally/permanenty. Consider making them read-only by adding
'readonly  EXTENDED_HISTORY HISTDATEFMT' to /etc/profile
Display the command history along with the timestamp by issuing 'fc -t'

Inhibiting the changing of shells is not that easy. Consider using 'rksh' instead of 'ksh'. From 'man rksh':

With a restricted shell a user cannot:
       *    Change the current working directory.
       *    Set the value of the SHELL, ENV, or PATH variable.
       *    Specify the pathname of a command that contains a / (slash).
       *    Redirect output of a command with > (right caret), >| (right
            caret, pipe symbol), <> (left caret, right caret), or >> (two
            right carets).


Additionally, you must remove /usr/bin/ from the PATH of those users, and construct a new directory, let's call it e.g. /usr/rbin containing links to the binaries of /usr/bin, except for the shells and perhaps some other stuff you don't want your users to execute. Remember to add this new directory to your users' PATH!
And most important: All programs/scripts your users must run have to be contained in their PATH, as there is no '/' allowed in commands with rksh.

Please ponder carefully if you really want to take such a pervasive measure only to inhibit changing shells!


Cheers and good luck!

wmp



0
 

Author Closing Comment

by:vishwakarmak
ID: 31568727
WMP,
Thank you so much for the detailed description.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
nodeip 9 68
Java core in Solaris 10 1 235
cron job says it ran, no results 25 94
Oracle Finace 3 48
Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now