On 14/11/06, Sanjay Arora <sanjay.k.arora at gmail.com> wrote: > I sometimes need to allow sub-contracted admins root ssh access to my > servers. Later, I always wonder what they did during access. > > Is there any shell that provides all shell abilities to the remote user > but monitors/emails a designated user each command executed in the shell > terminal and does not allow the user (even root) to modify the bash history file or > similar shell history file, or maybe sending each command by email to a > remote server, so that modifying history becomes out of question? If you only allow them to... $ sudo su - # ... doesn't sudo then keep track of their actions? There are other alternatives, sudosh for one. http://sourceforge.net/projects/sudosh/ I'm pretty certain there are others too, from memory of the last time I looked into shell auditing. Will.