zsh-users
* RE: HOW do i..
       [not found] <Pine.BSF.4.21.0012261832580.18605-100000@tmd.df.ru>
@ 2000-12-27  7:31 ` Andrej Borsenkow
  2000-12-27 16:01   ` Vlad
  2000-12-27 22:32   ` Steve Reid
  0 siblings, 2 replies; 5+ messages in thread
From: Andrej Borsenkow @ 2000-12-27  7:31 UTC (permalink / raw)
  To: Vlad, zsh-users

[moved to zsh-users]

>
> ..do the following:
>
> 1. i want root to be the owner of user's history file.
> 2. every time the user exits the system, i want his history file to be
> mailed to whatever e-mail address specified. how do i execute a command
> upon exiting? i always use TRAPEXIT, however, i can't make zsh to
> read/write with root permissions.
>



I suspect, you want

- get log of all user activity
- prevent user from modifying this log

This can't be done, sorry. To save history entries in a file, this file should
be user-writable. It does not matter, whom this file belongs to. History file
is written (if at all) after every command. It means, user can edit it at any
time and remove any entries. This applies to any logging.

The most you can do is to use fc command to write *current* entries (up to
HISTSIZE) to some file at logout. But, how can you prevent user from modifying
.logout, TRAPEXIT or whatever?

-andrej



* RE: HOW do i..
  2000-12-27  7:31 ` HOW do i Andrej Borsenkow
@ 2000-12-27 16:01   ` Vlad
  2000-12-27 16:08     ` Thomas Köhler
  2000-12-28 11:27     ` Andrej Borsenkow
  2000-12-27 22:32   ` Steve Reid
  1 sibling, 2 replies; 5+ messages in thread
From: Vlad @ 2000-12-27 16:01 UTC (permalink / raw)
  To: Andrej Borsenkow; +Cc: zsh-users

> I suspect, you want
> 
> - get log of all user activity
> - prevent user from modifying this log
> 
> This can't be done, sorry. To save history entries in a file, this file should
> be user-writable. It does not matter, whom this file belongs to. History file
> is written (if at all) after every command. It means, user can edit it at any
> time and remove any entries. This applies to any logging.

is there a way to simultaneously log user's activity under root? 

> 
> The most you can do is to use fc command to write *current* entries (up to
> HISTSIZE) to some file at logout. But, how can you prevent user from modifying
> .logout, TRAPEXIT or whatever?

-rw-r--r--  1 root  wheel  87 Dec 26 19:42 /etc/zshrc

> 
> -andrej
> 



* Re: HOW do i..
  2000-12-27 16:01   ` Vlad
@ 2000-12-27 16:08     ` Thomas Köhler
  2000-12-28 11:27     ` Andrej Borsenkow
  1 sibling, 0 replies; 5+ messages in thread
From: Thomas Köhler @ 2000-12-27 16:08 UTC (permalink / raw)
  To: zsh-users


On Wed, Dec 27, 2000 at 11:01:36AM -0500,
Vlad <tmd@tmd.df.ru> wrote:
> 
> > I suspect, you want
> > 
> > - get log of all user activity
> > - prevent user from modifying this log
> > 
> > This can't be done, sorry. To save history entries in a file, this file should
> > be user-writable. It does not matter, whom this file belongs to. History file
> > is written (if at all) after every command. It means, user can edit it at any
> > time and remove any entries. This applies to any logging.
> 
> is there a way to simultaneously log user's activity under root? 

You can always spy his tty.

There's even tools for that out there, search freshmeat and such...

CU,
Thomas

-- 
 Thomas Köhler Email:   jean-luc@picard.franken.de     | LCARS - Linux
     <><        WWW:     http://jeanluc-picard.de      | for Computers
                IRC:             jeanluc               | on All Real
               PGP public key available from Homepage! | Starships



* Re: HOW do i..
  2000-12-27  7:31 ` HOW do i Andrej Borsenkow
  2000-12-27 16:01   ` Vlad
@ 2000-12-27 22:32   ` Steve Reid
  1 sibling, 0 replies; 5+ messages in thread
From: Steve Reid @ 2000-12-27 22:32 UTC (permalink / raw)
  To: Andrej Borsenkow; +Cc: Vlad, zsh-users

On Wed, Dec 27, 2000 at 10:31:46AM +0300, Andrej Borsenkow wrote:
> This can't be done, sorry. To save history entries in a file, this file should
> be user-writable. It does not matter, whom this file belongs to. History file
> is written (if at all) after every command. It means, user can edit it at any
> time and remove any entries. This applies to any logging.

Some operating systems allow you to set files append-only. For example,
under FreeBSD (and I think all 4.4-derived BSDs) the command "chflags
uappnd [file]" will set a file append-only, and only the owner or
superuser can remove the flag. "chflags sappnd [file]" and only the
superuser can remove the flag, and only if kern.securelevel is less
than one. I believe Linux has similar functionality.

I don't know whether or not this will work with the history mechanism.
If it can be set to append each line one at a time without trying to
re-write the entire file then it should work.


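Added example, not part of Steve Reid's message or of the thread: a detection-side complement to the append-only flag. A root-owned job records a checkpoint of the log (byte count and SHA-256) somewhere the user cannot write, and later checks that those first bytes are unchanged, i.e. that the file has only been appended to. The helper names, the checkpoint format and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Checkpoint a log, then later prove its old content is still an intact prefix.
# Helper names and the "SIZE DIGEST" checkpoint format are illustrative.

digest() {  # SHA-256 of stdin as hex: sha256sum (Linux) or sha256 -q (BSD)
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        sha256 -q
    fi
}

checkpoint() {  # checkpoint FILE -> prints "SIZE DIGEST" for FILE as it is now
    printf '%s %s\n' "$(wc -c < "$1" | tr -d ' ')" "$(digest < "$1")"
}

verify() {  # verify FILE SIZE DIGEST -> 0 intact, 1 shrunk, 2 old bytes altered
    cur_size=$(wc -c < "$1" | tr -d ' ')
    # Fewer bytes than at checkpoint time: entries were removed.
    [ "$cur_size" -ge "$2" ] || return 1
    # Hash only the prefix that existed when the checkpoint was taken.
    [ "$(head -c "$2" "$1" | digest)" = "$3" ] || return 2
    return 0
}

demo() {  # constructed sample history; prints the three verify results
    dir=$(mktemp -d) && log=$dir/history
    printf 'ls -l\nvi notes.txt\n' > "$log"
    cp=$(checkpoint "$log"); size=${cp% *}; sum=${cp#* }

    printf 'make test\n' >> "$log"                    # legitimate append
    r1=0; verify "$log" "$size" "$sum" || r1=$?

    printf 'ls -l\ncat a.txt\nmake test\n' > "$log"   # earlier entry rewritten
    r2=0; verify "$log" "$size" "$sum" || r2=$?

    : > "$log"                                        # file truncated
    r3=0; verify "$log" "$size" "$sum" || r3=$?

    rm -rf "$dir"
    echo "$r1 $r2 $r3"
}

demo   # prints "0 2 1"
```

Any writer that rewrites the whole file rather than appending to it fails this check as well, which is the same condition Steve Reid attaches to the append-only flag.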

* RE: HOW do i..
  2000-12-27 16:01   ` Vlad
  2000-12-27 16:08     ` Thomas Köhler
@ 2000-12-28 11:27     ` Andrej Borsenkow
  1 sibling, 0 replies; 5+ messages in thread
From: Andrej Borsenkow @ 2000-12-28 11:27 UTC (permalink / raw)
  To: Vlad; +Cc: zsh-users

>
> is there a way to simultaneously log user's activity under root?
>

There is no zsh-internal way that cannot be overcome by user. As suggested,
use tty spy programs. Besides, depending on options, not everything may be
saved in history (or in wrong order).

You may use preexec function to log current command, but you cannot prevent
user from un- or re-defining it. See below.

> >
> > The most you can do is to use fc command to write *current* entries (up to
> > HISTSIZE) to some file at logout. But, how can you prevent user from modifying
> > .logout, TRAPEXIT or whatever?
>
> -rw-r--r--  1 root  wheel  87 Dec 26 19:42 /etc/zshrc
>

???

setopt norcs
unset -f TRAPEXIT

I used wrong word, sorry. I did not mean "modifying zlogout". I meant, that
user can always prevent zsh from running it, can unset/change any
variable/function.

-andrej


