Hi
Is there some command/script to know “EACH & EVERY” command executed on a solaris machine (with timestamp if possible) when multiple users are logged in with “SAME USERID & PASSWORD”?
history command is not accurate. It just shows the history of commands executed by that user or sometimes few more but it is not accurate when the system is accessed by multiple users.
Regards, AKS
That's because the .history file is updated every time you type a command. A different shell session will not see the latest commands until the .history file is updated.
You can force an update after each command by running:
PROMPT_COMMAND='history -a'
Add that to you .bashrc if you want it done each time you log in.
More tips on the "history" feature can be found here: http://dancingpenguinsoflight.com/2008/11/bash-history-tips-and-tricks/
You shouldn't have lots of people all using the same user ID and password - handing out root to all and sundry is dangerous, and the same applies to any lesser application-specific 'super-user'.
If people must use the privileges, they should login as themselves and use 'sudo' to transition to the privileged user state. One major advantage of this is that they use they're own password, not the privileged password, to make the change.
The other advantage is that you can configure things such that the activities of the user are tracked. There is a program 'sudosh' (sudo shell) that logs all activity and can be used to see what people did. There are other equivalent tools too.
If you'd like to log more information such as time/date and terminal/IP, see my answers here for scripts and ideas. And you can incorporate Isc's suggestion.
However, I would like to reiterate Jonathan Leffler's point each user should (must) have their own login (even when root/sudo is not involved).