Logging commands as su user
How do you log commands run as su user? If you use sudo to su, no corresponding commands are logged by sudo, only the initial su (the same happens if you enter a shell). In a home environment, this is fine. In real life, it is necessary to su at times, so denying su access through sudo isn't practical. I need to record everything done on the system.

I share your pain, as I used to have this same problem and in the past had written scripts to accomplish this. Today, all you need to do is use sudosh. Sudosh (an RPM) works with sudo to provide a shell that users would use for full root access, which ensures that the detailed logs are kept.

Sudosh actually records all keystrokes with the output, and can play back entire sessions like a VCR! It is very simple to set up and actually comes in two parts, sudosh and sudoshd. Sudosh is the actual program that one would call from sudo.

This was first published in April 2007
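
The logging gap described in the question can be measured from sudo's own log. The following is an added example, not part of the original answer: it classifies sudo entries by whether the command hands over an interactive shell that sudo cannot see into. The log lines are constructed, and the shell list and the `sudosh` program name are assumptions to adjust for the host being audited.

```python
import os
import re

# sudo's syslog line: "<user> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_LINE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Programs that hand over an interactive session sudo cannot see into.
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
# Assumption: the session recorder is installed under this program name.
RECORDERS = {"sudosh"}


def classify(line):
    """Return (user, runas, command, verdict) for a sudo log line, else None."""
    m = SUDO_LINE.search(line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    prog = os.path.basename(cmd.split()[0])
    if prog in RECORDERS:
        verdict = "recorded"        # keystrokes and output are captured
    elif prog in SHELLS:
        verdict = "unlogged-shell"  # only this one entry will ever be logged
    else:
        verdict = "logged"          # a single command, fully visible to sudo
    return m.group("user"), m.group("runas"), cmd, verdict


def audit(lines):
    """Classify every sudo entry, skipping lines written by other programs."""
    return [r for r in map(classify, lines) if r is not None]


# Constructed sample in the default sudo syslog format (not from a real host).
SAMPLE = """\
Apr 12 10:15:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Apr 12 10:17:44 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Apr 12 10:20:09 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/sudosh
Apr 12 10:21:30 web01 sudo:     dave : TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service httpd restart
Apr 12 10:22:00 web01 sshd[811]: Accepted publickey for dave from 192.0.2.10 port 50514 ssh2
""".splitlines()

if __name__ == "__main__":
    for user, runas, cmd, verdict in audit(SAMPLE):
        print(f"{verdict:15} {user} -> {runas}: {cmd}")
```

Entries marked `unlogged-shell` are the sessions where nothing after the initial command reaches the sudo log; routing those users through the recording shell turns them into `recorded` entries.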