Re: [tlug] comand-line recording...

["Stephen J. Turnbull" <stephen@example.com>]

Curt Sampson writes:

 > Well, I don't really have any idea about what you mean by "easy,"
 > either, since handing script's output to syslog in any reasonable way I
 > can think of would involve modifying the script program. But if you're
 > asking, "which program should I modify instead of script," I'd say the
 > shells, if you want to modify an existing program. But writing a new
 > program from scratch to let users sit on a pty and record keyboard input

"keystroke logger" is what you mean to say, I think.

 > (the way screen does with output) might be easier if you have to deal
 > with multiple shells, though it seems unlikely if you want to avoid
 > recording things that are not echoed to the screen, such as passwords.

Of course, that's not going to be a good idea if passwords are
involved.

Er ... doesn't sudo log every command it executes?  How about
chown'ing every program that the user should execute to an otherwise
unprivileged account (with a nologin password and no
.ssh/authorized_keys, etc).  Clumsy, but might be enough to get what
Bruno needs/wants.

Of course, what will happen is people who know they're going to type a
lot of commands will sudo su thatuser ....