Re: [tlug] comand-line recording...

[Curt Sampson <cjs@example.com>]

On 2009-09-26 19:05 +0900 (Sat), Bruno Raoult wrote:

> Eh? are you joking? Even "script" will be acceptable (sending for
> instance to syslog, so that I have no write access)... I asked if
> there was a lighter solution, not a heavy one :-)

Well, you are in a very unusual situation, then, in that it's ok if
users subvert the logging system, so long as they do it in some other
way than modifying the file that script writes after the fact. E.g.,
this log of command, which does not include the one I ran between stty
and exit, would be fine for your compliance process:

    Script started on Sat 26 Sep 2009 07:57:04 PM JST
    analytic $ stty -echo<0d>
    analytic $ analytic $ exit<0d>

    Script done on Sat 26 Sep 2009 07:57:16 PM JST

If it's ok to subvert the system, so long as it isn't done in certain
specific ways, you ought always to mention this when asking questions
like this, since most people will interpret "the logged user must not
be able to change the log file afterwards" as an attempt to say, "the
logged user should not be able to subvert the logging system."

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com