1

I currently have a server set up to save Bash history for every user immediately in their respective home folders and I want to create a script that runs on a set interval that switches the current user and executes the "history" command.

I have tried all variants of both su and sudo in the command line but whenever I run the command "history" for another user in a script or usind su/do, I get no output whatsoever.

In scripts, I have tried all variants of both su and sudo, as well as:

su <user>
history

But all it does is open a shell with that user and doesn't return the output of "history".

I'm currently using RHEL6.9 with Bash 4.1.2.

EDIT:

I have a log collector that currently monitors all .bash_history files, but I configured /etc/bashrc to append timestamp and user so I can assign fields and log the exact time execution of each command. Because the internal format that Bash stores command line history in .bash_history is to just add the epoch time, I need to be able to execute "history" on each individual user.

I have tried (separately) the following from the command line, as well as in scripts:

su -c "history" <user>
sudo -i -u <user> history
sudo -S -u <user> -i /bin/bash -l -c 'history'

I have tried to do this in scripts:

su -i <user>
history

But they never return any results.

AnthonyBB
  • 351

1 Answers1

1

Create a script and save it somewhere in PATH that is available for all users. e.g. /bin or /usr/bin

The script

#!/usr/bin/env bash

HISTFILE=$HOME/.bash_history
history -r
unset HISTFILE
history

Save it to a name like print_history

Now try

su - user_name -c 'print_history'

You said you have the time format in /etc/bashrc so I did not unset the HISTTIMEFORMAT in that script. The idea for that script is not mine, I personally use the PROMPT_COMMAND variable to capture every commands (and every user in my system) that is typing/running commands during interactive session so I don't use that script so that's all I can say about that script. Of course all the user must be using bash as the log-in shell.

Jetchisel
  • 1,264