How to Monitor User Activity with psacct or acct Tools

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Use our Linode referral link if you plan to buy VPS (it starts at only $10/month).
  4. Support us via PayPal donate - Make a Donation
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

Receive Your Free Complimentary eBook NOW! -

Download Free Linux eBooks

Advanced Bash-Scripting Guide
Linux Bible
A Newbie's Getting Started Guide to Linux
Introduction to Linux - A Hands on Guide

You may also like...

20 Responses

  1. damilola dada says:

    Helo ravi,

    I installed ‘acct’ in my ubuntu 14.04 ssh server and i can run ‘ac’ command but for the ‘sa’ command gives me this error ” couldnt open file ‘/var/log/account/pacct’: permission denied” anytime i run it, how do i go about this please?

  2. jonathan says:

    Hi Ravi,
    I intstalled acct in Ubuntu 14.04 LTS last May 19 2016, but when I used ‘ac -d myusername’ it only reflect yesterday and today time consume. Also when I use the ‘lastcomm myusername’ same result it reflect yesterday and today commands use.
    Is there something going here? or may I missing something.
    Your help is much appreciated.
    Thank you!

    • Ravi Saive says:

      @Jonathan,

      Could you check the ‘history’ and ‘lastlog’ file under /etc directory, you will came to know why it showing results of last day and today..

  3. Martial says:

    Hi Ravi Saive, it’s there anyway that the root gives privilege to users to create their own password or to set up their own password so that the root user does not know like in windows. Thanks again for your post. Very good and God bless you.

    • Ravi Saive says:

      @Martial,
      Yes, you a root can force users to change or set their own password after first login, this can be done by using following command.

      # chage -d0 user-name
      

      Where option “-d0” describes that the password was changed on 1st January 1970, which essentially expires the current password, and force users to change their passwords on the next login.

  4. Peter says:

    A very good website. I have been looking for a site like this for a while now to get hands on Linux and I must say this is the bet.

    Thanks guys

    • Ravi Saive says:

      @Peter,
      Thanks for liking our website, we continue to provide such high quality articles for readers like you. Keep visiting

  5. How to join your community…..what is the process of joing community…please tell me…
    Thank you

  6. pratheesh says:

    thanks for such useful and Excellent article! Keep going :)

    how can we know how many task’s(process) are hold by the swap when ram is full.

  7. Manoj says:

    Ravi, thanks for such useful and Excellent article! Keep going :)

  8. bruce says:

    thanks, i am using this tools these days , but i found that the information accounted by psacct will reset several days once. do you know how to change it because i want to monitor my computer for a long time. thanks again.

  9. Ken Hall says:

    It is possible to give users full sudo access without allowing sudo su… That way all commands will be logged.

    Cmnd_Alias SU = /bin/su root, /bin/su – root

    Cmnd_Alias FORBIDDEN = /bin/bash, /bin/ksh, /bin/ksh93, /bin/sh, /bin/csh, /bin/tcsh, /bin/zsh, /usr/sbin/pwconv, /usr/sbin/visudo, /usr/bin/crontab

    USERS ALL = (ALL) !FORBIDDEN, !SU, ALL

  10. Mohit Kumar says:

    Its good article and very useful. But there are number of sysadmins handling lots of server.

    We have done as below:-

    1- Disabled first level root access.
    2- created individual login for users with sudo access.

    User has to login with his individual login ID and he can switch to root prompt through
    # sudo su –

    Now user becomes root and he has all privileges.

    How we can monitor this?

    While we can log all that command, which has been fired with sudo. But after the switching to root, not able to identify.

    A sudo user can not switch to root. Is this possible??

    • Ravi Saive says:

      That’s not possible, if a user knows the root password he will able to login and run commands. But if you would like to trace those commands with date and time of execution, you need to use history command.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

Join Over 150K+ Linux Users
  1. 100,756
  2. 5,113
  3. 36,418

Enter your email to get latest Linux Howto's