How can I find out who executed a particular command and which terminal was used to run it?
Original:
how can i know particular cmd is executed by whom and to know about my terminal
A:
You can use tty to find out the file name of the terminal connected to standard input.
For the latter part of your question, sudo or su and then grep -c 'command' /home/username/.bash_history.
Alan Haggai Alavi
2009-06-15 04:06:44
+1
A:
To see what commands are being executed you use "ps -ef". This will tell you what everyone is doing though which is usually too much information.
To narrow it down to find out who is running a particular command you might add a "grep" filter like so:
ps -ef | grep scp
This will return all scp commands but it might also return the grep command looking for scp and any other commands with the letters scp embedded in them since grep is just matching the string. So you may need to get clever with the expression given to grep (a lot of times you just need to quote it and add a space:
ps -ef | grep "scp "
or even better leverage regular expressions and:
ps -ef | grep "[s]cp "
If you know the user and just want to know what they are running then "ps -fu" is your friend. For instance
ps -fu tom
Which can, of course, be combined with grep to get tom's scp processes:
ps -fu tom | grep "[s]cp "
Column 6 is the tty.
Tom Bascom
2009-06-16 17:47:56
+1 for the 'grep "[s]cp"' trick - it's what I use in a script I call 'procname'.
Jonathan Leffler
2009-06-24 05:16:27