During a recent application failure we found that 2 users had removed their $HOME/.sh_history file. We suspect it was these 2 users who caused the fault but we now have no way to prove it.
Obviously these users need write privilege or they can't write their command line history, and obviously giving write also gives delete. Is there any way to enable user write to their history file but prevent it being deleted?
I know even this is a bit poor as they could cat a null file to it, but it's better than nothing.
Thanks.