[vox] Question from a new Unix/ Linux user

ME vox@lists.lugod.org
Sun, 13 Apr 2003 09:09:10 -0700 (PDT)


> I have a unix account(&& I'm not the superuser). I'll
> like to write a small routine that keeps track on
> anyone that logs in my account. Can anyone give me an
> idea on how to implement it. (It is set to 700).
> Thanx a zillion 4 any help!!

Tricky. If you trust the other user to not modify your resource files,
then you could add entries to your shell "rc" files to mail you when a
person is using the account, or dump the login into a file.

Also, if your account uses bash as the default shell, and you trust the
user of the account to not use a different shell or modify your shell's
".rc" files, then you could also add a new file ~/.bash_logout that
e-mails you a copy of the ~/.bash_history to see what was done in the
session, and when the session ended (complementing the first suggestion.)

However, you mention that you want to "keep track" of anyone logging into
the account. This is often considered to be one of the three main parts of
computer security (tracking/logging/reporting). This suggests that you
are concerned with the security of the account, and do not trust the users
that may use your account.

Without having the support of the super user (and trusting the super user)
there are not many (any?) things that you can implement with your own
UID/GID that cannot be "undone" by another user who uses your account.

Even use of the shell "rc" files can be bypassed if the user "su"s to your
account from theirs and chooses to not process your shell rc files. From
there, they could modify your rc files to remove the above changes and
then log in to your account with "su -" or ssh or ??? and the
tracking/logging is lost.

If you *just* want to see when the account was used, you can check out the
command called "last". This tracks login/logout with the wtmp file/db.
However, even this is not fully reliable for tracking sessions. Use of
"screen" permits the user to grab other ttys, and these other tty's being
used are often not logged to wtmp. Also, "last" (with wtmp) often does not
track users "su"-ing from other accounts.

If you do not trust the users using the account, then you really would
need the support of the superuser. They can set up logging and tracking
(process accounting, etc) to keep track of what is done, and make sure
that users can't alter the logged data (unless the user gains admin
access.)

Hope you can find an answer to use here,
-ME
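
The "dump the login into a file" idea from the reply above, as an added example that is not part of the original message: a snippet meant to be sourced from a login rc file such as ~/.bash_profile. The names LOGIN_LOG, login_record, record_login and summarize_logins are assumptions made for this sketch, and the log is subject to the same limits the reply describes, since anyone using the account can edit or remove it.

```shell
# Added example. Names LOGIN_LOG, login_record, record_login and
# summarize_logins are assumptions made for this sketch.
LOGIN_LOG="${LOGIN_LOG:-$HOME/.login_audit.log}"

# Print one tab-separated record: UTC time, tty, original login name, origin.
# Runs in a subshell "( ... )" so its variables do not leak into the login shell.
login_record() (
    ts=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
    term=$(tty 2>/dev/null) || term="notty"
    # logname reports who originally logged in on this terminal; after
    # "su - account" it can differ from the account name. Best effort only.
    orig=$(logname 2>/dev/null) || orig="unknown"
    # sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
    if [ -n "${SSH_CONNECTION:-}" ]; then
        origin="ssh:${SSH_CONNECTION%% *}"
    else
        origin="local"
    fi
    printf '%s\t%s\t%s\t%s\n' "$ts" "$term" "$orig" "$origin"
)

# Append a record; umask 077 keeps a newly created log private to the owner.
record_login() (
    umask 077
    login_record >> "$LOGIN_LOG"
)

# Count recorded logins per origin (field 4) in the given log file.
summarize_logins() {
    awk -F '\t' '{ n[$4]++ } END { for (o in n) printf "%d\t%s\n", n[o], o }' "$1" |
        sort -k2
}

# Record only for interactive shells, so scp/sftp and scripts are not disturbed.
case $- in
    *i*) record_login ;;
esac
```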