The best recommendation I can give is to examine why a user needs a particular shell. Unless they have an app that simply won't work with ksh or bash, there really isn't a good reason that users should be using anything else in today's computing environments. I'd say tcsh, too, but I don't think there's much support for it anymore. Migrate every user that doesn't have a good reason to use something else to an acceptable shell and that will move you a long way towards your goal.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ian Masters Sent: Sunday, October 18, 2009 11:15 PM To: Solaris-Users mailing list Subject: Re: [Solaris-Users] User command logging Michael Thanks for the reply. As you say, sudo for anyone who wants super user privileges will take care of the most important stuff. Unfortunately our users are using a multitude of shells, not only the easily logable ones. Unfortunately denying shell access completely is also not an option. Tha quest continues. Ian > The easiest way won't necessarily work with everything on Solaris - > and takes more than one tool. You will need to use sudo to log super > user activity, but you have to force everyone to use sudo to become > root. For other users, the easiest way is to have all users use ksh > for their shell and have your default profile set up shell histories. > But those history files will get pretty large unless you back them up > and trim them daily. Also, amazingly enough, there are still a > significant number of Solaris apps that require the awful bourne shell > that Solaris still uses as a default shell, and won't work under ksh. > And shell histories don't work under sh. > > Another option is to deny users shell logins and force them to go in > through webmin or some similar graphical tool. Neither clean nor > pretty, but relatively easy. > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Ian Masters > Sent: Thursday, October 15, 2009 8:00 PM > To: [email protected] > Subject: [Solaris-Users] User command logging > > Hello > > I have some Solaris 10 boxes on which I need to log every command of > every user from basic user up to root user. > > I'm not overly familiar with Solaris and I don't really have time to > read 800 page manuals, looking for a needle in the haystack. > > It seems as though Sudo or Solaris' RBAC can not accomplish what I need. > > Does anyone have any idea how this can be achieved? > > Any suggestions gratefully received. > > Regards > > Ian > > _______________________________________________ > Solaris-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/solaris-users > _______________________________________________ > Solaris-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/solaris-users > > > _______________________________________________ Solaris-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/solaris-users _______________________________________________ Solaris-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/solaris-users
