Session recording
Kenny Lussier
klussier at gmail.com
Mon Mar 31 15:16:12 EDT 2008
On Mon, Mar 31, 2008 at 1:03 PM, Paul Lussier <p.lussier at comcast.net> wrote:
> "Kenny Lussier" <klussier at gmail.com> writes:
>
> > The control characters aren't the only reason that script doesn't work
> > for us. Script will write out to a file, but the lines aren't time
> > stamped, so it's impossible to know when a command was run. Also, the
> > file would need to be writable by the user, which defeats the point of
> > all the logging :-)
> >
> Wow, the lack of creativity here is astounding! :)
>
> /etc/bashrc:
> ...
> export PS1='[ `date` ]'
> ...
>
>
> If you're going to the extent of limiting them to a single shell, you
> might as well restrict them further by not allowing them to customize
> their own environment and disregarding any ~/.*rc files.
The point isn't to limit what they can do on the system (that is a
completely different issue). The problem is to account for what they
do, and to go to the logs and say that User X issued command Y at n
time. The truth is, we don't care what shell they do it in. The
decision to limit people to a single shell was a development decision,
not a security decision.
C-Ya,
Kenny
More information about the gnhlug-discuss
mailing list