Posted on 2009-07-08
On our UNIX system , we have a common account. there are around 6 users who can log into that account. the $HOME/.sh_history file has shown some suspicious commands . ( somebody deleted important files using rm command).. Through this .sh_history file can i get to know who was the user who ran the rm commands.
One thing to note is everybody first loginto thier indiviuval account and then by using su command they log into common account.
the .sh_history file shows only commands. Can me or adming with extra rights get to know who was the actual user who ran those commands.