How to get the command line history of another user?

Question

I currently have a server set up to save Bash history for every user immediately in their respective home folders and I want to create a script that runs on a set interval that switches the current user and executes the "history" command.

I have tried all variants of both su and sudo in the command line but whenever I run the command "history" for another user in a script or usind su/do, I get no output whatsoever.

In scripts, I have tried all variants of both su and sudo, as well as:

su <user>
history

But all it does is open a shell with that user and doesn't return the output of "history".

I'm currently using RHEL6.9 with Bash 4.1.2.

EDIT:

I have a log collector that currently monitors all .bash_history files, but I configured /etc/bashrc to append timestamp and user so I can assign fields and log the exact time execution of each command. Because the internal format that Bash stores command line history in .bash_history is to just add the epoch time, I need to be able to execute "history" on each individual user.

I have tried (separately) the following from the command line, as well as in scripts:

su -c "history" <user>
sudo -i -u <user> history
sudo -S -u <user> -i /bin/bash -l -c 'history'

I have tried to do this in scripts:

su -i <user>
history

But they never return any results.

Possibly related: Can I search bash history across all users on a server? — Paulo Tomé, Feb 06 '20 at 13:23
Try using su - <user> instead of su <user>. Check out this answer — Amit Singh, Feb 06 '20 at 13:24
@Paulo Tomé So I want to be able to run "history" on a script since I have formatted in /etc/bashrc how each entry is recorded (timestamp, etc.), which is why that answer does not work for me since it reads .bash_history, which I have already tested, only adds timestamp data, and is on epoch on top of that — AnthonyBB, Feb 06 '20 at 13:25
@Amit Singh That is one of the variations I have tried, which is why I don't understand why I am getting no output. I have tried redirecting both stout and sterr to a file, but there's never any data generated — AnthonyBB, Feb 06 '20 at 13:28
@AnthonyBB It's not clear what is your goal. Can you share what have you already tried? — Paulo Tomé, Feb 06 '20 at 13:31
@AnthonyBB Please edit the question to provide exactly what you want to achieve and what you have already done. — Amit Singh, Feb 06 '20 at 13:32
Taking a guess at what the OP is trying to achieve, recording all commands of users and saving it in a file with timestamp. Am I right? — Jetchisel, Feb 06 '20 at 14:11

Jetchisel · Accepted Answer · 2020-02-06T15:10:42.330

Create a script and save it somewhere in PATH that is available for all users. e.g. /bin or /usr/bin

The script

#!/usr/bin/env bash

HISTFILE=$HOME/.bash_history
history -r
unset HISTFILE
history

Save it to a name like print_history

Now try

su - user_name -c 'print_history'

You said you have the time format in /etc/bashrc so I did not unset the HISTTIMEFORMAT in that script. The idea for that script is not mine, I personally use the PROMPT_COMMAND variable to capture every commands (and every user in my system) that is typing/running commands during interactive session so I don't use that script so that's all I can say about that script. Of course all the user must be using bash as the log-in shell.

How to get the command line history of another user?

1 Answers1