shell command history capturing

Emil Isberg emil.isberg at mds.mdh.se
Fri Mar 10 12:26:31 EST 2000


On Fri, 10 Mar 2000, David Yates wrote:
>Anyone know how to capture all commands
>which are issued from a shell which has
>been initially spawned by 'sudo su - USER' ?

You spawn a shell that does it for you...

In unix when you fork() and exec() you can only trace the system calls the
application (shell or other command) does. And sudo doesn't even know what
is a shell and what is not. It just does the job it is supposed to do.

But there is a way to solve it for you.
Create a new shell (like a patched bash) that logs every command in a
similar manner to sudo (in a different file of course or better yet to
another host) and put the shell as /root/bin/bash (or something similar).

>Once the shell spawns as USER, we'd like
>to capture all commands which are executed
>and save to a logfile.

Then make sure it is the USER's shell.

Though it is quite easy to get out of that logged shell even though you
create quite some overhead...

You really should make sure that the user doesn't just exec another
shell. (And that is what makes it so hard. You don't want to cripple the
shell.)

If you don't want it to be the default shell then you shall not use
`sudo su - USER' but rather make sure they use `sudo su-USER' (or some
other similar thing) and in `su-USER' make sure it's root that runs it and
then do "exec su - USER -c 'exec /root/bin/bash -login'".
(Make sure the USER can access /root/bin/bash.)

Or something like that.

>Any way to handle this using sudo?

No.

-- 
Don't shout for help at night.  You might wake your neighbors.
                -- Stanislaw J. Lem, "Unkempt Thoughts"
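
The `su-USER` wrapper described in the message above, written out as an added example (not code from the original post or from sudo). The script name, `TARGET_USER`, `LOGGED_SHELL` and the exit codes are assumptions; the command-logging shell at /root/bin/bash is the patched shell the message proposes and is not supplied here.

```shell
#!/bin/sh
# su-USER: added example of the wrapper sketched in the message above.
# Intended use: `sudo su-USER` instead of `sudo su - USER`.
# Assumed names: TARGET_USER and LOGGED_SHELL (the page's /root/bin/bash,
# i.e. the patched, command-logging shell, which this script does not provide).
TARGET_USER="${TARGET_USER:-USER}"
LOGGED_SHELL="${LOGGED_SHELL:-/root/bin/bash}"

# preflight UID SHELL: 0 = ok, 1 = caller is not root, 2 = shell unusable.
preflight() {
    uid=$1
    shell=$2
    if [ "$uid" -ne 0 ]; then
        echo "su-USER: must be run by root (through sudo)" >&2
        return 1
    fi
    if [ ! -x "$shell" ]; then
        echo "su-USER: $shell is missing or not executable" >&2
        return 2
    fi
    return 0
}

# inner_command SHELL: the command su hands to the user's own shell,
# which immediately replaces itself with the logging shell.
inner_command() {
    printf 'exec %s -login\n' "$1"
}

main() {
    preflight "$(id -u)" "$LOGGED_SHELL" || exit $?
    # "Make sure the USER can access /root/bin/bash": test it as that user.
    if ! su "$TARGET_USER" -c "test -x '$LOGGED_SHELL'"; then
        echo "su-USER: $TARGET_USER cannot execute $LOGGED_SHELL" >&2
        exit 3
    fi
    # Record who entered the logged shell (sudo sets SUDO_USER).
    logger -p auth.notice -t su-USER \
        "${SUDO_USER:-unknown} -> $TARGET_USER via $LOGGED_SHELL" || true
    exec su - "$TARGET_USER" -c "$(inner_command "$LOGGED_SHELL")"
}

# Run only when installed and invoked under the name su-USER.
if [ "${0##*/}" = "su-USER" ]; then
    main "$@"
fi
```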