Sounds like what I need to do, but how? Where do I find it, what directory, how do I read it? Thanks.

here are a few ways.

1) the bash_history is located in each users home directory /home/username/.bash_history

typing the following, presuming my username was "xtstrike" would give you a dump of the users entire history:

pico /home/xtstrike/.bash_history

2) you can SU to the root acount, then su to the users account (which doesnt require a password) then type "history" it will then list the entire history of commands for that particular account. e.g.:

su
su xtstrike
history

hope this helps.

In general, you do not need to monitor user's .bash_history files. Unless you give them the permission to, they aren't going to do anything malicious to the server, because they can't. Most of the time you'll just be shifting through "mv" "cp" "chmod" and "pico" commands.

You can monitor them for a while like xtstrike said. But soon you will find out that it is generally a waste of time.

Although if you are looking for users who execute a specific command, you could run something like this:

grep "command name here" /home/*/.bash_history

But as I said, if you do not give them permission to run programs that they shouldn't be allowed to run, they won't be able to.

Right, and thanks xt.

But I was surprised when I realized I could just telnet in as one of my accounts (i.e using their password, etc.) and cd ../ a couple times then proceed to cd site1, cd site2, ce site3, etc. to look at everyone's files. I did not try to cd to a cgi-bin, but if I could, and if I could read files in there, I could certainly get some stuff I would want no customer to have but the customer to which the stuff belongs.

I decided to eliminate all telnet access until such a time that I can offer telnet snoop protection for all our customers.

If I am correct in my assumptions, and you have a relatively simple way I could do this, please let me know. Thanks.

I developed a php script which turns permissions the right way every evening, so that other users can't login in in the /web dir of another site hosted on the server.