shell command history capturing
Emil Isberg
emil.isberg at mds.mdh.se
Fri Mar 10 19:11:41 EST 2000
On Fri, 10 Mar 2000 smckay at us.ibm.com wrote:
>Once the /bin/bash shell starts (or whatever shell), it is logged in the
>user's .bash_history file, but by bash, not sudo. I have disabled /bin/bash
>for this purpose. In my sudoers file I added:
>User_Alias USERS=bob, sue
>
>Cmnd_Alias SU=/bin/su, /usr/local/sbin/visudo,/bin/bash
>
>USERS ALL=ALL, !SU
What if the user is innovative and does:
sudo cp /bin/su su
sudo chmod u+s su
sudo ./su
Or:
sudo /bin/sh
exec /bin/bash
...
Don't give them access to all but some commands. Give them all or just
some commands.
(And remember that editors may have some way to escape to a shell or
something, so you shouldn't give unlimited access to those either.)
Perhaps one could change a version of batch into using sudo as _executor_
of commands when some options are set.
I don't think it would be that hard... and quite useful sometimes.
--
A good question is never answered. It is not a bolt to be tightened
into place but a seed to be planted and to bear more seed toward the
hope of greening the landscape of idea.
-- John Ciardi
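
Added example, not part of the original message or of the sudo project: a small Python check that flags the pattern discussed above, a sudoers rule that grants ALL and then negates some commands with "!". It handles only a simplified subset of sudoers syntax (one entry per line, no line continuations, no comma-separated Runas lists), and the function names are hypothetical.

```python
import re

# Constructed sample: the sudoers fragment quoted in the message above.
SAMPLE = """\
User_Alias USERS=bob, sue
Cmnd_Alias SU=/bin/su, /usr/local/sbin/visudo,/bin/bash
USERS ALL=ALL, !SU
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(.+)$")
NON_RULES = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def strip_prefixes(cmd):
    """Drop a leading Runas spec '(root)' and tags such as 'NOPASSWD:'."""
    cmd = re.sub(r"^\(.*?\)\s*", "", cmd.strip())
    return re.sub(r"^(?:[A-Z_]+:\s*)+", "", cmd)


def find_denylist_rules(text):
    """Return [(line_no, who, denied_commands)] for rules that grant ALL
    and then try to subtract commands with '!'."""
    lines = [l.strip() for l in text.splitlines()]
    aliases = {}
    for line in lines:  # pass 1: collect Cmnd_Alias definitions
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for no, line in enumerate(lines, 1):  # pass 2: inspect user specifications
        m = None if line.startswith(NON_RULES) else RULE_RE.match(line)
        if not m:
            continue
        cmds = [strip_prefixes(c) for c in m.group(3).split(",")]
        denied = []
        for c in cmds:
            if c.startswith("!"):
                name = c[1:].strip()
                denied.extend(aliases.get(name, [name]))  # expand alias if known
        if "ALL" in cmds and denied:
            findings.append((no, m.group(1), denied))
    return findings


if __name__ == "__main__":
    for no, who, denied in find_denylist_rules(SAMPLE):
        print(f"line {no}: {who} gets ALL minus {denied}; the exclusions do not hold")
```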