Last Updated on 2021-08-29 by Clay
If we have a super user account in Linux server, we can check the other user’s command history (Include yourself).
I occasionally use this feature.
Occasionally, the permission was granted to the partners to use, and then found that the system was installed with something wrong, so I had to check what they did.
This is a wrong demonstration, it is best not to open permissions casually.
Check Your Command History
This is a classic command for checking your command history:
history
But the disadvantage is that you can only view your own.
If you want to check the time when the command was issued by the way, you can also use:
export HISTTIMEFORMAT='%F %T '
In this way, the input of history
will be displayed with time.
If you want to use this output format all the time, you can write it in the settings of ~/.bashrc.
Then use:
source ~/.bashrc
Let the settings take effect immediately.
Check the “.bash_history” file of specific user
I checked the information on the Internet, it seems that depending on the environment, this file that records the commands issues by the user has various names, such as .history, .sh_history… and so no.
In my system, the file named .bash_history. If I want to check my command history:
cat /home/clay/.bash_history
By the way, if you want to print the tail of the file all the time and check if there is an additional command, you can use the watch
command:
watch -n 0.5 tail /home/clay/.bash_history
But at the same time, you will also find that the command is not recorded immediately after it is reached, it is stored in the file after a while. And if the user logs out accidentally (sudden disconnection), then this file will omit the last few commands the user entered.
References
- https://superuser.com/questions/309434/how-to-view-command-history-of-another-user-in-linux/309435
- https://stackoverflow.com/questions/15698590/how-to-capture-all-the-commands-typed-in-unix-linux-by-any-user
- https://www.digitalocean.com/community/tutorials/how-to-monitor-your-ubuntu-16-04-system-with-sysdig