shell command history capturing

Emil Isberg emil.isberg at
Fri Mar 10 19:11:41 EST 2000

On Fri, 10 Mar 2000 smckay at wrote:
>Once the /bin/bash shell starts (or whatever shell), it is logged in the
>users .bash_history file, but by bash, not sudo. I have disabled /bin/bash
>for this purpose. In my sudoers file I added:

>User_Alias     USERS=bob, sue
>Cmnd_Alias      SU=/bin/su, /usr/local/sbin/visudo,/bin/bash
>USERS          ALL=ALL, !SU

What if the user is inovativ and does:
sudo cp /bin/su su
sudo chmod u+s su
sudo ./su

sudo /bin/sh
exec /bin/bash


Don't give them access to all but some commands. Give them all or just
some commands.
(And remember that editors may have some way to escape to a shell or
something, so you shouldn't give unlimited access to those either.)

Perhaps one could change a version of batch into using sudo as _executor_
of commands when some option are set.

I don't think it would be that hard... and quite useful sometimes.

A good question is never answered.  It is not a bolt to be tightened
into place but a seed to be planted and to bear more seed toward the
hope of greening the landscape of idea.
                -- John Ciardi

More information about the sudo-users mailing list