Avatar of IKeystone
Flag for United States of America asked on

User activity on unix account

Hello experts,
I need your help to establish some mechanism to track users activity on specific account

1. All users have personal accounts.
2. They login using ssh from personal account to special one

Here I need to log all history what commands users run on special account with format like below:

UserName (mean from where login was done) -  Command  - Time

Thanks in advance
Unix OSShell ScriptingLinux

Avatar of undefined
Last Comment

8/22/2022 - Mon

> UserName (mean from where login was done)
see /var/log/syslog or /var/log/messages or similar
or use commands like: last, lastlog

> Command  - Time
see shell's history file (if enabled)
slightwv (䄆 Netminder)

What flavor of Unix?

There is a lot of information out there on user auditing if you look around for your specific Unix.

For example:

Guys, you missed the point. Audit user is not a problem. Problem is audit user that login from his personal account to special one. There can be 10 or more users same time on this special account. And I need to know what exactly they doing.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
slightwv (䄆 Netminder)

Please explain what you mean by ssh into a special account.

> And I need to know what exactly they doing.
do you mean you want logs like:

  userA - as special account - time - doing
  userB - as special account - time - doing

This is not possible if they are all logged in to that special account at same time.
You better let them use their own personal account and execute the commands they need using sudo or ssh configured for commands.

Hello ahoffmann,
You are totally right. It should be like

UserA - time- -doing-
UserB - time- -doing-
UserC - time- -doing-

This special account configured and using for builds and allow parallel  usage. Personal account using for different things like development, private builds, etc.
I can trace history of this account, but don't know who run command and when. That is a biggest challenge.

Do you know some way to have different .sh_history files ?
Like each user login to the special account will create his own history file ?

.sh_history.UserA .sh_history.UserB .....
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

bash, ksh,pdksh, zsh:
  use environment variable HISTFILE

csh and tcsh:
  use shell variable histfile

set these variables according $USER in your login-rc file

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

> .. this expects all users use "su - <username>", if they login directly there is no way to track.
hmm, how does this solve the requirement from the question:
  > 2. They login using ssh