Skip to content

[Linux] How To Check The History Of User Commands

Last Updated on 2021-08-29 by Clay

If we have a super user account in Linux server, we can check the other user's command history (Include yourself).

I occasionally use this feature.

Occasionally, the permission was granted to the partners to use, and then found that the system was installed with something wrong, so I had to check what they did.

This is a wrong demonstration, it is best not to open permissions casually.


Check Your Command History

This is a classic command for checking your command history:

history

But the disadvantage is that you can only view your own.

If you want to check the time when the command was issued by the way, you can also use:

export HISTTIMEFORMAT='%F %T '

In this way, the input of history will be displayed with time.

If you want to use this output format all the time, you can write it in the settings of ~/.bashrc.

Then use:

source ~/.bashrc

Let the settings take effect immediately.


Check the ".bash_history" file of specific user

I checked the information on the Internet, it seems that depending on the environment, this file that records the commands issues by the user has various names, such as .history, .sh_history... and so no.

In my system, the file named .bash_history. If I want to check my command history:

cat /home/clay/.bash_history


By the way, if you want to print the tail of the file all the time and check if there is an additional command, you can use the watch command:

watch -n 0.5 tail /home/clay/.bash_history

But at the same time, you will also find that the command is not recorded immediately after it is reached, it is stored in the file after a while. And if the user logs out accidentally (sudden disconnection), then this file will omit the last few commands the user entered.


References


Read More

Tags:

Leave a Reply