Logging User Sessions

Hello,

I am using a Linux server (Ubuntu 11.04 Server) to host some files and a code repository. Because we are using ssh + svn to connect to the repository, our users have normal ssh access.

What I would like to do is log their user sessions so that I have an audit trail in the event that something breaks or disappears. I looked into the "script" command, but what I do not like is that users must have write access to these files. I want to be able to ensure that the users have not tampered with their logs.

Is there a way to log to a file that the users can't touch? I thought about some kind of daemon, or executing script as another user.

Easiest way I can come up with: have the logs written to a separate directory, where the users have only write access (no read, no execute bit set), and use non-predictable names for the logs. That way they can't see the file, unless they know the specific name (which should be hard to deduce).

As long as your users don't figure out how to use ps to get the filename, this should be enough. If they do, you'll have to call script using a C program as wrapper, hiding the command line.

Hmm.. Thanks. I like that idea.

I got the file working correctly, but I can't seem to get the script command to execute without exposing the path name.
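
The write-only directory with unpredictable log names suggested in the thread could be set up as below; this is an added example, not code from any of the posters. The path /var/log/sessions, the function names and mode 1733 are assumptions: the search (x) bit is kept because Linux needs it to create a file inside a directory, while the read bits stay off so the names cannot be listed.

```shell
#!/bin/sh
# Added example: drop directory for session logs (all names are assumptions).

# Create the log directory: write+search for everyone, read for nobody but
# the owner, sticky bit so users cannot remove each other's files.
make_drop_dir() {
    mkdir -p -- "$1" && chmod 1733 -- "$1"
}

# Print a log path with a 128-bit random suffix taken from /dev/urandom.
new_log_path() {
    suffix=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s/%s.%s\n' "$1" "$2" "$suffix"
}

# Succeed only if group/other cannot list the directory, can still create
# files in it, and the sticky bit is set.
audit_drop_dir() {
    mode=$(stat -c '%a' -- "$1") || return 1
    m=$((0$mode))
    [ $((m & 0044)) -eq 0 ] && [ $((m & 0033)) -eq $((0033)) ] \
        && [ $((m & 01000)) -ne 0 ]
}

# Start a recorded shell. The path is an argument to script, so it is
# visible in ps output while the session runs, as the thread points out.
logged_session() {
    umask 077   # the log file is created 0600 and owned by the user
    exec script -q -f "$(new_log_path "$1" "$(id -un)")"
}

# Typical use (run the first line once, as root):
#   make_drop_dir /var/log/sessions && audit_drop_dir /var/log/sessions
#   logged_session /var/log/sessions
```

Because each log file is still owned by the user whose session it records, this only keeps the file names from being listed; it does not stop a user who learns the name from editing their own log.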