Re: Question zsh

[jr@scms.rgu.ac.uk]

> } 	I wonder if there is posible to save the .zsh_history in their
> } directories /home/user1/.zsh_history but with no privileges from user1 to
> } modify it or deleted.
> } 	What I'm trying to do is to have a .zsh_history in users
> } directories that can save all the history of every single user in the
> } /home
> 
> I'm not sure what this means.

I _think_ he wants each user to have a history file that they can't delete, as 
a sort of audit trail of their activities.

Since this file is in their home area, they automatically have rights to 
delete it (since the have rights to the directory it is contained in).  You 
could to set up a directory where they have execute permissions (111) and 
write permission (222) to the log file which would achieve the desired result, 
but they could cp /dev/null to the file to blank it.

You could hide the location, but a strings or truss could find the filename 
location; making the zsh executable suid and immediately suid back to real 
user ID would prevent truss, while making the permissions 111 would prevent 
strings from working.

The other option is to fork an suid process to do the logging, but this 
obviously has it's own set of security problems _or_ you could set up a daemon 
to do the logging (through loopback interface using sockets?).  Both methods 
would require substantial rewriting of the code.

-- 
John Riddoch	Email: jr@scms.rgu.ac.uk	Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
"Just once, I wish we would encounter an alien menace that wasn't
 immune to bullets" -- The Brigader, "Dr. Who"