From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 1524 invoked from network); 30 Oct 1998 08:58:52 -0000
Received: from math.gatech.edu (list@130.207.146.50) by ns1.primenet.com.au with SMTP; 30 Oct 1998 08:58:52 -0000
Received: (from list@localhost) by math.gatech.edu (8.9.1/8.9.1) id DAA04603; Fri, 30 Oct 1998 03:49:15 -0500 (EST)
Resent-Date: Fri, 30 Oct 1998 03:48:34 -0500 (EST)
Message-ID: <19981030085211.961.qmail@master.scms.rgu.ac.uk>
From: jr@scms.rgu.ac.uk
Date: Fri, 30 Oct 1998 08:52:10 +0000 (GMT)
Reply-To: John Riddoch
Subject: Re: Question zsh
To: zsh-users@math.gatech.edu
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: IaU2RTEUipbSmEgRfPVZlQ==
X-Mailer: dtmail 1.2.1 CDE Version 1.2.1 SunOS 5.6 sun4m sparc
Resent-Message-ID: <"ohoZg3.0.671.NrNEs"@math>
Resent-From: zsh-users@math.gatech.edu
X-Mailing-List: archive/latest/1898
X-Loop: zsh-users@math.gatech.edu
X-Loop: zsh-workers@math.gatech.edu
Precedence: list
Resent-Sender: zsh-workers-request@math.gatech.edu

> } I wonder if it is possible to save the .zsh_history in their
> } directories /home/user1/.zsh_history but with no privileges from user1 to
> } modify it or delete it.
> } What I'm trying to do is to have a .zsh_history in users'
> } directories that can save all the history of every single user in the
> } /home
>
> I'm not sure what this means.

I _think_ he wants each user to have a history file that they can't delete,
as a sort of audit trail of their activities. Since this file is in their
home area, they automatically have rights to delete it (since they have
rights to the directory it is contained in). You could set up a directory
where they have execute permissions (111) and write permission (222) to the
log file, which would achieve the desired result, but they could cp /dev/null
to the file to blank it.

You could hide the location, but a strings or truss could find the filename
location; making the zsh executable suid and immediately suid back to the
real user ID would prevent truss, while making the permissions 111 would
prevent strings from working. The other option is to fork an suid process to
do the logging, but this obviously has its own set of security problems _or_
you could set up a daemon to do the logging (through the loopback interface
using sockets?). Both methods would require substantial rewriting of the code.

-- 
John Riddoch                Email: jr@scms.rgu.ac.uk
Telephone: (01224)262730    Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
"Just once, I wish we would encounter an alien menace that wasn't immune to
bullets" -- The Brigadier, "Dr. Who"
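The directory/file layout John describes, and the gap he points out, as an added example that is not part of the original post or of zsh: a directory with mode 111 (traverse only, so the user can open the file by name but cannot list the directory or unlink anything in it) holding a history file with mode 222 (write only). The script sets the layout up under a scratch directory, shows that appends still work, and then runs the cp /dev/null blanking he warns about. Paths, the sample history lines and the helper names are assumptions made for a self-contained demonstration; note that the unlink protection only holds for an unprivileged user, since root bypasses permission bits entirely.

```shell
#!/bin/sh
# Added example, not from the zsh-users post: reproduce the 111-directory /
# 222-file layout and show that write permission alone is enough to blank
# the file. Helper names and sample contents are constructed for this demo.
set -e

# Create $1/histdir (mode 111) containing .zsh_history (mode 222) seeded with
# two constructed sample history lines.
setup_audit_history() {
    base="$1"
    mkdir -p "$base/histdir"
    printf 'ls -la\ncd /etc\n' > "$base/histdir/.zsh_history"   # constructed sample
    chmod 222 "$base/histdir/.zsh_history"   # --w--w--w-: may write, may not read
    chmod 111 "$base/histdir"                # d--x--x--x: may traverse, may not list/unlink
}

# What the user's shell does on every command: append. Only needs w on the file
# and x on the directory, both of which the layout grants.
append_history() {
    printf '%s\n' "$2" >> "$1"
}

# The weakness John notes: cp /dev/null opens the destination with O_TRUNC,
# which also only needs w on the file. The audit trail is gone.
blank_history() {
    cp /dev/null "$1"
}

# Attempt to delete; prints "unlinked" or "refused". For an unprivileged user
# this is refused because the directory lacks w. Root is never refused.
try_delete() {
    if rm -f "$1" 2>/dev/null && [ ! -e "$1" ]; then echo unlinked; else echo refused; fi
}

# Permission string (first 10 chars of ls -l) and size (column 5); stat(2) on
# the path works through a 111 directory, and ls -l is portable across GNU/BSD.
mode_of() { ls -ld "$1" | cut -c1-10; }
size_of() { ls -ld "$1" | awk '{print $5}'; }

# Restore w on the directory so the scratch tree can be removed.
cleanup() {
    chmod 755 "$1/histdir" 2>/dev/null || true
    rm -rf "$1"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    setup_audit_history "$tmp"
    f="$tmp/histdir/.zsh_history"
    echo "dir  mode: $(mode_of "$tmp/histdir")"
    echo "file mode: $(mode_of "$f")  size: $(size_of "$f")"
    append_history "$f" "whoami"
    echo "after append: size $(size_of "$f")"
    echo "delete attempt: $(try_delete "$f")"
    blank_history "$f"
    echo "after cp /dev/null: size $(size_of "$f")"
    cleanup "$tmp"
fi
```

Run it as `sh script.sh demo` from an unprivileged account to see "refused" on the delete attempt and a size of 0 after the blanking; the sizes and mode strings are the same whether or not you are root, only the unlink result differs.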