Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 584
  • Last Modified:

User administration

Hello experts ,
Is there a way to add time stamp to shell histroy . The users are using ksh,and  How can I restrict the user from changing shells .
0
vishwakarmak
Asked:
vishwakarmak
1 Solution
 
omarfaridCommented:
why do you want to do that?
0
 
woolmilkporcCommented:
Hello again,

time stamping is easy.
Just set the environment variable EXTENDED_HISTORY=ON and the history file will contain timestamps.
Control the format of the timestamp by setting the variable HISTDATEFMT to a string formatted according to 'date' rules, e.g. HISTDATEFMT=%m/%d/%Y-%T.
Add those variables to /etc/profile to have them set globally/permanenty. Consider making them read-only by adding
'readonly  EXTENDED_HISTORY HISTDATEFMT' to /etc/profile
Display the command history along with the timestamp by issuing 'fc -t'

Inhibiting the changing of shells is not that easy. Consider using 'rksh' instead of 'ksh'. From 'man rksh':

With a restricted shell a user cannot:
       *    Change the current working directory.
       *    Set the value of the SHELL, ENV, or PATH variable.
       *    Specify the pathname of a command that contains a / (slash).
       *    Redirect output of a command with > (right caret), >| (right
            caret, pipe symbol), <> (left caret, right caret), or >> (two
            right carets).


Additionally, you must remove /usr/bin/ from the PATH of those users, and construct a new directory, let's call it e.g. /usr/rbin containing links to the binaries of /usr/bin, except for the shells and perhaps some other stuff you don't want your users to execute. Remember to add this new directory to your users' PATH!
And most important: All programs/scripts your users must run have to be contained in their PATH, as there is no '/' allowed in commands with rksh.

Please ponder carefully if you really want to take such a pervasive measure only to inhibit changing shells!


Cheers and good luck!

wmp



0
 
vishwakarmakAuthor Commented:
WMP,
Thank you so much for the detailed description.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now