I have a typical scenario here in which several users have access to a particular login .. say "build".
None of the users know the passwd for this login.
The name of some of the user have been to .rhosts file.
The users can connect only by doing a rlogin to this id and then they can do some set of operations.
I need to to track which user has rlogin to this login and which are the set of command which he has run as "build".
Right now its a chaos. Some user does a rlogin to this ID and mess up the file and I have no way to find the culprit.
Chaos always results from group accounts. The solution is to not have a group account. Instead of a group account, you should be using a group group. That's what groups are for.
There are lots of ways to track what the user called "build" did. But that is not what you asked for.
You could take RTM's suggestion of using the 'script' command and perhaps create a unique log of their session by naming the output file according to their IP address.
This assumes that they have unique IP addresses and that those are static - or else this is useless as you cannot isolate the person concerned very easily.