Find the answer to your Linux question:
Results 1 to 7 of 7
hello all. everybody knows that .bash_history in every user`s dir can be edited by the users itself, and in most of the cases this really happens. so if it does, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2005
    Posts
    17

    .bash_history


    hello all.

    everybody knows that .bash_history in every user`s dir can be edited by the users itself, and in most of the cases this really happens. so if it does, what`s the alternative? how cand a sysadmin see what users are doing if the bash_history was modified?

    thank you

  2. #2
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    What is the problem with people editing there profile? Not sure what the problem is?

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Posts
    17
    nothing is wrong with editing their profiles, but i was talking about bash_HISTORY .. it`s a bit of a difference.

    so.. anyone else?

  4. #4
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    Sorry not sure what i was thinking I would not rely on checking the users .bash_history to see what users have been doing on a system. Think about it for .bash_history to work like it is ment to (show previouse commands with the up arrow) then the users .bash_history needs to be writable by that user so how could you stop them from editiing it without stopping .bash_histrory from working all together? Then you would have nothing to look at for commands the user has issued since they would not be able to be written to there .bash_history.

  5. #5
    Linux Guru
    Join Date
    Mar 2003
    Location
    Wisconsin
    Posts
    1,907
    Write a wrapper script that outputs every command entered into .bash_history and to another file called .bash_history_unwritable that is uneditable by user.

    Jeremy
    Registered Linux user #346571
    "All The Dude ever wanted was his rug back" - The Dude

  6. #6
    Just Joined!
    Join Date
    Jan 2005
    Posts
    17
    Quote Originally Posted by Giro
    Sorry not sure what i was thinking I would not rely on checking the users .bash_history to see what users have been doing on a system. Think about it for .bash_history to work like it is ment to (show previouse commands with the up arrow) then the users .bash_history needs to be writable by that user so how could you stop them from editiing it without stopping .bash_histrory from working all together? Then you would have nothing to look at for commands the user has issued since they would not be able to be written to there .bash_history.
    That`s true, you have to find other alternatives to do that. thank you for your post.

    jeremy1701, you have a good idea there, but unfortunately i have no idea what the wrapper script should look like. Is it too much to ask you for some assistance in that matter?

    Thank you.

  7. #7
    Just Joined!
    Join Date
    Jan 2005
    Posts
    17
    i found the solution, maybe this will help others. it`s quite simple actually..

    all i had to do is chattr +au /home/user/.bash_history

    in short, all commands are saved to user`s .bash_history, but the user cannot edit or delete it. pretty cool.

    thanks to #linuxhelp for this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •