From owner-freebsd-questions  Tue Mar 20  0:42:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186])
	by hub.freebsd.org (Postfix) with SMTP id 5050F37B73E
	for <questions@freebsd.org>; Tue, 20 Mar 2001 00:42:12 -0800 (PST)
	(envelope-from mwm@mired.org)
Received: (qmail 57767 invoked by uid 100); 20 Mar 2001 08:41:33 -0000
From: Mike Meyer <mwm@mired.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15031.6077.692934.103212@guru.mired.org>
Date: Tue, 20 Mar 2001 02:41:33 -0600
To: Lucas Bergman <lucas@slb.to>
Cc: questions@freebsd.org
Subject: Re: Log files - newbie
In-Reply-To: <53834348@toto.iv>
X-Mailer: VM 6.89 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Lucas Bergman <lucas@slb.to> types:
> > If a user uses su and then uses some more commands before
> > exiting,will those commands(after su and before exit)be logged as
> > well?
> 
> Your question seems to presuppose that every command any (non-root)
> user executes is logged.  This is not the case.  In fact, the commands
> your users execute are not logged without considerable effort on your
> part.  You could look at the history files their shells leave, but
> there's no reason they couldn't kill those before logging out (or
> never create them in the first place).

You can enable logging of every process - and thus every command -
with the simple act of adding "accounting_enable=YES" to
/etc/rc.conf. This is really logging for accouting purposes, but it
includes the command name, user and group id, and controlling tty
(among other things). lastcomm(1) can be used to extract that
information a number of ways.

So the answer to Lucas's question is "yes", if you're logging user
questions.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message