5

Something that's bothered me for many years is that if I want to search my shell history for commands which were run as root, I have to check two different locations:

  1. I have to check /root/.bash_history.
  2. I have to check /brian/.bash_history for sudo commands.

Is there a solution for bash (or, indeed, any shell - I'm willing to switch) which will deposit sudo commands into the shell history of the target user?

7
  • You could configure root's .bashrc or .bash_profile so that if $SUDO_USER is non-empty, it sets HISTFILE to point to the user's .bash_history. It would also need to set histappend so it appends rather than overwrites. This will result in all of root's history being appended to the user's history file (unless root's history was also cleared when changing HISTFILE and setting histappend; clearing it will, of course, make root's history unavailable in that sudo shell). Commented Oct 5, 2019 at 6:45
  • 1
    e.g. if [ -n "$SUDO_USER" ] ; then history -c ; shopt -s histappend ; HISTFILE="$(getent passwd "$SUDO_USER" | cut -d: -f6)/.bash_history" ; fi Commented Oct 5, 2019 at 6:51
  • @cas Correct me if I'm wrong, but if you run sudo cat /etc/passwd for example, your solution wouldn't help. Sudo runs the command directly; it doesn't spawn a brand new bash shell just to run cat, right? Commented Oct 5, 2019 at 6:58
  • The simple solution is to run with elevated permissions with the sudo prefix: sudo command .... Then they will be saved in your userID's history. The problem will only appear, when you run as root (for example via sudo -i). Commented Oct 5, 2019 at 7:02
  • 1
    You could write a wrapper script that grepped for X in both /root/.bash_history and sudo X in user history files. Or grep 'sudo.*COMMAND' /var/log/auth.log (or wherever sudo is logged on your system). Commented Oct 5, 2019 at 7:07

2 Answers

0

I assume you are operating in that private unix I-am-root-and-only-user mode, like me. And exactly to avoid a splitting of my personality I log in as root. For the moment - I know it's a kind of security problem.

I am so busy installing, testing etc. as a sysadmin, that I cannot present a satisfying login for a user.

And still the bash history can confuse me when I am using several consoles and/or xterms. The only organization I have so far is a small file, hist-keep, with a couple of commands I often use.

if I want to search my shell history for commands which were run as root

Do you want to just search, or do you want to "load" the history file, so you can history-search?

I just looked up sudo yesterday, because of this obscure sudo vs. pseudo question. I suddenly realised that "sudo" and "pseudo" are pronounced identically in English, and when you consider "pseudonym" (or "alias") there really is a semantic connection.

Sudo is actually meant to produce a separate tracking of commands. That would be how "root" checks what "brian" (and others) did under pseudonym "root".

But you rather want to merge separate histories.

I feel the solution is more a history -r of a processed file, and not injecting sudo lines into root's history file.

A first aid solution would of course be a simple function/script that searches in these two files, something like

# root_hist and user_hist hold the paths of the two history files
grep -- "$1" "$root_hist"
grep -- "sudo.*$1" "$user_hist"

Then you can sudoroot-combigrep "mount" to get all relevant lines containing "mount". (Choose your own easily tab-completable name.)

0

Ran across this looking for a way to separate different admin users' sudo su - history into individual files:

Based on @cas's suggestion above I came up with:

## Existing history configuration
export HISTCONTROL=ignoredups:erasedups  # no duplicate entries
export HISTSIZE=1000000                   # big big history
export HISTFILESIZE=1000000               # big big history
export HISTTIMEFORMAT='%F %T '           # Include history time stamps
# Save and reload the history after each command finishes
shopt -s histappend
export PROMPT_COMMAND="history -a; $PROMPT_COMMAND"

## Added to assign a unique history file to the user who sudo'd to root
export SUDO_USER=$(logname)
if [[ "$SUDO_USER" != "root" ]]; then
  history -c            # clear the in-memory history list
  shopt -s histappend   # append to the history file rather than overwrite it
  HISTFILE="/root/.bash_history_sudo-$SUDO_USER"
fi

Now, when an admin sudo's to root, all history while they are root will be written to /root/.bash_history_sudo-$SUDO_USER

Running commands like sudo tail /var/log/messages will continue to be written to the user's own $HISTFILE, ex: $HOME/.bash_history
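
An added example, not part of either answer above: a combined search that merges root's own history with the sudo-prefixed lines of a user's history into one time-ordered list. The function names, file names and sample entries are assumptions; it relies on the history files having been written with HISTTIMEFORMAT set, as in the configuration above, so that bash stores a #<epoch> line before each command.

```shell
#!/usr/bin/env bash
# Added example: one time-ordered view of everything run as root.

# Print "EPOCH<TAB>SOURCE<TAB>COMMAND" for each entry of a bash history file.
# With HISTTIMEFORMAT set, bash writes a "#<epoch>" line before each command;
# entries saved before that was enabled get epoch 0 and sort first.
hist_entries() {   # usage: hist_entries FILE SOURCE [sudo-only]
  awk -v src="$2" -v sudo_only="${3:-}" '
    /^#[0-9]+$/ { ts = substr($0, 2); next }
    sudo_only == "" || /^[[:space:]]*sudo[[:space:]]/ {
      printf "%s\t%s\t%s\n", (ts == "" ? 0 : ts), src, $0
    }' "$1"
}

# Merge root's own history with the sudo-prefixed lines of the user's history,
# oldest first. PATTERN (an awk regex, optional) is matched against the
# command text only, not against the epoch or source columns.
root_history() {   # usage: root_history ROOT_HIST USER_HIST [PATTERN]
  { hist_entries "$1" root; hist_entries "$2" sudo sudo-only; } |
    sort -s -n -k1,1 |
    awk -F'\t' -v pat="${3:-}" '
      { cmd = substr($0, length($1) + length($2) + 3) }
      pat == "" || cmd ~ pat'
}

# Constructed sample data (not from the page): one root and one user history file.
demo() {
  local d; d=$(mktemp -d)
  printf '%s\n' '#1570258000' 'mount /dev/sdb1 /mnt' \
                '#1570258300' 'umount /mnt' > "$d/root_hist"
  printf '%s\n' '#1570257900' 'ls /mnt' \
                '#1570258100' 'sudo mount -o remount,ro /' \
                '#1570258200' 'sudo tail /var/log/messages' > "$d/user_hist"
  root_history "$d/root_hist" "$d/user_hist" "${1:-}"
  rm -rf "$d"
}
```

Shell history files can be edited by whoever owns them, so for anything audit-related the sudo log mentioned in the comments (/var/log/auth.log, or wherever sudo is logged on your system) is the more reliable record.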
