Summary: Where did my command history file go?

From: Spurgeon, John P <john.p.spurgeon_at_intel.com> Date: Sun Mar 10 2002 - 01:21:01 EST · This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:36 EST

Ric Anderson  (ric@opus1.com) identified the problem:

>Of course, you can get vastly different results from
>    /bin/su admin
>and
>    /bin/su - admin
>as the latter sets up the environment for admin using admin's
>defaults.  When su'ing without the "-", you may wind up
>[in a situation where] target account doesn't have write access to
>[$HISTFILE].

That's exactly what happened in my case. Root's command history
file was owned by root with permissions 600. Therefore, when root
executed a command like "su admin", the target account (admin in this
case) didn't have write access to the history file. The Korn shell seems
to handle this situation pretty gracefully, since the command history
still works while the shell is running (the commands just aren't
written to disk).

As a test, I changed the permissions on the history file to 666 and then
repeated my experiment. This time the commands that were typed after
su'ing to admin WERE logged to root's command history file.

The only problem I see is that you have to decide what is worse - not
logging some commands to the shell history file, or giving others
permission to write to it!

BTW, Ric also reminded me that you can use lsof to view what files the
shell currently has open (lsof -p $$). That's an easier way to locate
your history file than the cumbersome find command that I used.

Thanks for your help, Ric!

----- Original Message -----
From: "Spurgeon, John P" <john.p.spurgeon@intel.com>
To: <sunmanagers@sunmanagers.org>
Sent: Saturday, March 09, 2002 9:36 PM
Subject: Where did my command history file go?

All of our users are set up to use /bin/ksh. I noticed that if I am logged
in
as root, all of the commands I type are logged to root's HISTFILE. However,
if I su to another user (e.g. "su admin"), then the commands I type from
that
point on are temporarily logged, but they are not stored in either root's
HISTFILE,
or admin's HISTFILE. So where did the command history file go?

...the command history file appears to be a temporary "file"
(/proc/15981/fd/63 in
the experiment above). This file is created when you su to another user
and is removed when you exit the shell. The commands that you type
after su'ing to another user are not stored in any other file on disk.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers