bgt@homxc.ATT.COM (B.TONGUE) (01/19/89)
Good morning, world,

I have a question concerning the monitoring of one's account. Briefly, there is material which is relevant to my group contained in my directories, and I'd like to keep a log on who 'cd's' into my subdirectories to use it. Is that at all possible?

Thanks in advance,
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% The Speaking Tongue, AT&T %% C Code. C Code Run. Run, Code, RUN! %%
%% (..att!..)homxc!ela0!bgt %% PLEASE!!!! %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
gwyn@smoke.BRL.MIL (Doug Gwyn ) (01/20/89)
In article <5081@homxc.ATT.COM> bgt@homxc.ATT.COM (B.TONGUE) writes:
>Good morning, world, I have a question concerning the monitoring
>of one's account. Briefly, there is material which is relevant
>to my group contained in my directories, and I'd like to keep
>a log on who 'cd's' into my subdirectories to use it.

The first thing you need to realize is that a chdir to set the current working directory is not necessary in order for someone to access the files in that directory.

The next thing to know is that if you set access permissions so that some group of people is permitted (according to the UNIX rules for enforcing file permissions) to access the files, they can access them. You can tell from the access time recorded in a file's inode when the last access was made, but not by whom.

The best way to log such access is via a set-UID interface program that verifies that the invoker is permitted to access the controlled files and notifies you somehow when the access occurs, combined with setting the file permissions such that only the UID matching the set-UID program has access. We've done this, for example, to permit SCCS archives to be more carefully protected than usual.

Writing such a program is straightforward, but since there are security ramifications if you do it wrong, it is best to have an expert design and implement it.
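The set-UID interface program described in the reply above, as an added example that is not code from any poster in this thread: it checks the invoker's real UID, logs every granted or denied attempt, and only then reads the file with the owner's effective UID. VAULT_DIR, ACCESS_LOG and the UIDs in `allowed` are assumed placeholders, and the binary is assumed to be installed set-UID to a dedicated account that alone can enter the directory.

```c
#define _POSIX_C_SOURCE 200809L /* for O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#define VAULT_DIR  "/usr/local/vault"          /* assumed: mode 0700, owned by the set-UID owner */
#define ACCESS_LOG "/usr/local/vault/.access"  /* assumed log file, same owner */
static const uid_t allowed[] = { 1001, 1002 }; /* constructed sample UIDs */

/* The invoker is identified by the REAL uid; the effective uid is the vault owner. */
int uid_allowed(uid_t uid, const uid_t *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == uid) return 1;
    return 0;
}

/* Plain file names only: blocks '/', "..", dot-files (the log) and log-line injection. */
int name_ok(const char *name) {
    static const char safe[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > 64 || name[0] == '.') return 0;
    return strspn(name, safe) == len;
}

/* One log record per attempt, granted or not; returns the record length. */
int format_record(char *buf, size_t size, long when, uid_t uid, const char *name, int granted) {
    return snprintf(buf, size, "%ld uid=%ld file=%s %s\n",
                    when, (long)uid, name, granted ? "GRANTED" : "DENIED");
}

int main(int argc, char **argv) {
    char rec[160], buf[4096]; ssize_t n;
    if (argc != 2 || !name_ok(argv[1])) return 2;
    uid_t who = getuid();
    int ok = uid_allowed(who, allowed, sizeof allowed / sizeof allowed[0]);
    int len = format_record(rec, sizeof rec, (long)time(NULL), who, argv[1], ok);
    int lfd = open(ACCESS_LOG, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (lfd < 0 || write(lfd, rec, (size_t)len) != len) return 3; /* no log, no access */
    close(lfd);
    if (!ok || chdir(VAULT_DIR) != 0) return 1;
    int fd = open(argv[1], O_RDONLY | O_NOFOLLOW); /* relative to the vault, no symlinks */
    if (fd < 0) return 1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        if (write(STDOUT_FILENO, buf, (size_t)n) != n) return 1;
    return 0;
}
```

The program never executes anything and accepts no path components, which keeps the privileged code path small enough to audit.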
frank@Morgan.COM (Frank Wortner) (01/21/89)
In article <5081@homxc.ATT.COM> bgt@homxc.ATT.COM (B.TONGUE) writes:
>[...] Briefly, there is material which is relevant
>to my group contained in my directories, and I'd like to keep
>a log on who 'cd's' into my subdirectories to use it.

I've often placed a local version of "ls" in various subdirectories. This ls was simply a shell script which invoked "who" and "date", stuffed the results into a file, and then invoked "/bin/ls".

I know, my method is trivial, imperfect, and can be spotted/disabled by any reasonably intelligent user, but you'd be surprised how many people it does catch!
--
Frank
"Computers are mistake amplifiers."