
Surely many people have used the script program to record command-line sessions.
Has anyone wondered whether it could be used as part of improving security, monitoring, or checking the adequacy of the system's users?
Out of curiosity, I decided to tie script to all users of the system and see what happens...
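#!/bin/sh
# Record the session only when TERM is set (a terminal session)
if [ "$TERM" != "" ]; then
    DATE=`date +%F.%H.%M`
    FOLDER="/tmp/"
    # -q: quiet; -t: timing data goes to stderr, redirected to the .time file
    exec script -q -t "$FOLDER$USER.$DATE" 2> "$FOLDER$USER.$DATE.time"
else
    /bin/sh "$@"
fi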
Add this script to /etc/profile (on Gentoo I saved it as bash.sh and put it in the /etc/profile.d/ directory).
You can check that it works by logging in over SSH or in any other way.
Files of the form test.2010-03-25.20.01 and test.2010-03-25.20.01.time should appear in /tmp.
The .time file contains all the session timing information.
If the files were created, then to see the results, run:
scriptreplay test.2010-03-25.20.01.time test.2010-03-25.20.01
and enjoy watching.
I want to state the flaws right away:
1. If you connect with ssh user@host /bin/bash -i, nothing is logged =(
The main interest in this method came from the desire to follow the work of new administrators and see their methods (without standing behind the poor fellow).
You can also create a separate directory instead of /tmp, for example /opt/sessions, and set permissions:
chmod 733 /opt/sessions
so that all sessions can write to it, but users cannot list the directory.
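An added example, not from the original post: a small audit of such a session directory. It flags a directory that others can list, a missing sticky bit (with mode 733 alone, write access lets any user remove or rename someone else's log), and log files readable by group or others. The function names and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's code: audit a session-log directory.
# Prints one finding per line; prints nothing when the directory is clean.
audit_session_dir() {
    dir=$1
    # 733 gives others write+search but not read, so they cannot list it.
    if [ -n "$(find "$dir" -prune -perm -0004 -print)" ]; then
        echo "LISTABLE $dir"
    fi
    # Without the sticky bit, write access on the directory lets any user
    # remove or rename another user's log; chmod 1733 limits that to owners.
    if [ ! -k "$dir" ]; then
        echo "NO_STICKY $dir"
    fi
    # Logs are created with the user's umask (often 022), so they can end up
    # world-readable; user.date names are guessable even without a listing.
    find "$dir" -type f \( -perm -0040 -o -perm -0004 \) -print |
        sed 's/^/READABLE_LOG /'
}

# Constructed sample: a throwaway directory set up the way the post describes.
make_sample_dir() {
    d=$(mktemp -d)
    chmod 733 "$d"
    : > "$d/test.2010-03-25.20.01"          # session log left at mode 644
    chmod 644 "$d/test.2010-03-25.20.01"
    : > "$d/test.2010-03-25.20.01.time"     # timing file, owner-only
    chmod 600 "$d/test.2010-03-25.20.01.time"
    echo "$d"
}

sample=$(make_sample_dir)
audit_session_dir "$sample"     # reports NO_STICKY and one READABLE_LOG
chmod 1733 "$sample"
chmod 600 "$sample/test.2010-03-25.20.01"
audit_session_dir "$sample"     # prints nothing after the fixes
rm -rf "$sample"
```

Setting umask 077 in the profile snippet before the exec line would make new logs owner-only from the start.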
UPD: thanks to unera for the hint about exec.