Solaris 10 SSH users management

Hello Managers,

I am using a Solaris 10 box for development with subversion, C and Java.
The developers (45 accounts) have SSH access to the box and they
'checkout' the project from the repository. As a sysadmin, I have the
following questions:

- How to log all commands the users perform in the box using bash. The
history file can be ignored doing a simple export HISTFILE=/dev/null.
Another option is use truss and trace write/read syscall but I wonder if
there is another simpler solution.

- How to get started with RBAC to avoid execution of commands like su or
setuid root. I think RBAC is a good solution from Sun to this situation.


sunmanagers mailing list