Capture wrapper for users that "su -" to another ID.

[jxfish2]

Is there such a thing as a wrapper, to capture commands issued by a user, when they "su -" from their primary account to a secondary user account.

When logged in as themselves, it's easy to track their commands and whereabouts, via a standard history file.

However, once a user "su's" to another account, how can I track what that user is doing, or what they've done, while logged in as that user?

Once they "su -" to the secondary account, how can I keep track of what they've done, versus what the real account holder has done, or in this case, it may be necessary to give "su -" permission to numerous users...

How can I put a wrapper in place, to track a users entire session, regardless of whether they change to another user ID, after logging in?

I'm told there is a Perl wrapper, but I don't know what or where to find it...

TIA
Jxfish2

 

[PHV]

To track a users entire session, you may consider script.

Hope This Help, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[jxfish2]

I don't know if script is what I want, as script logs EVERYTHING, including output, to the log file...

I just want a way to log commands issued, from the time a user logs in, to when they leave...

I believe there's a way to get syslogd to log the commands issued, to include when the user "su -"s to another account...

If this is correct, can anyone help with the syntax, and the location of where to configure it?

/etc/syslogd.conf

????

TIA

Jxfish2