Navigate

CentOS / RHEL : How to find which user run a specific command?

Question: How can I tell which user ran a specific command ? or If the user clears their .bash_history can I still tell who ran a command?

Answer:

Using the process accounting tools, you can get basic information about who ran a specific command. Below are the steps to find out who run the command.

1. The service must be running before the accounting will take place, this is achieved with the command:

# /etc/init.d/psacct start

2. This can be enabled to run at every boot with the command

# chkconfig psacct on

3. To find out who run a specific command, provide the command name as a parameter to the lastcomm command.

# lastcomm rm

And it should show you who run the command.
Related Post
  1. mk Command Examples

    mk is a task runner tool commonly used for controlling the compilation process of executables…

  2. mixxx Command Examples

    Mixxx is a free and open-source DJ software designed for DJs of all skill levels.…

  3. mix Command Examples

    Mix is a versatile build tool designed specifically for Elixir projects. It offers a wide…

  4. mitmproxy Command Examples

    mitmproxy is an interactive HTTP proxy tool that operates as a man-in-the-middle (MITM) between a…

  5. mitmdump Command Examples

    mitmdump is a command-line tool that is part of the mitmproxy suite, which is designed…