rootsh Installation Instructions:

coming soon: http://people.consol.de/~lausser/rootsh
lausser@users.sourceforge.net


Step 1. Decide if you want to have your logfiles in a non-standard place.

        Logfiles with names like <user>.<date><time>.<process id>
        will be written here, one for each rootsh session.
        The users' input and output will be copied into these files.
        I recommend to go with the default settings. This will be
        /var/log/rootsh, /var/adm/rootsh, ...
        according to your operating system.


Step 2. Decide if you want to disable syslog.

        By default all of the logged input and output will be 
        sent to the syslog daemon. If you don't trust your 
        rootsh users you can have syslogd to send your logging data
        to another host, where they can not be manipulated.
        In any case the logged input and output will be written
        into logfiles.


Step 3. Decide if you want to change syslog priority.
  
        By default all syslog messages use level "local5" and
        facility "notice". If you don't like this, you can use
        whatever you want. 
        Be sure you edit your /etc/syslog.conf and make an entry
        for your priority, either "local5.notice" or your own.


Step 4. Decide if you want to turn off syslog line numbering

	By default every syslog line is prepended by a 3-digit counter
	and a colon. If you are in doubt wether messages were lost on
	their way to the syslog server, you can examine the counter's
	column. The numbers should be ascending from 000 to 100 and
	then again start at 000.
	Look at the bottom of this file for an example.


Step 5. Decide if you want to turn off writing the username into
	every syslog line.

	By default every syslog line is prepended by the username of
	the calling user. This is for your convenience, if you have
	a quick glance at the logfile. If you think this makes your
	logfile less readable, disable it. You still can take the 
	session-id which prepends the line and find the first line 
	with this id which announces the logging of a new session.
	This line also contains the username.
	Look at the bottom of this file for an example.


Step 6. Configure your installation

	There are 6 options to configure rootsh.

	--disable-logfile

	Using this option will turn off logging to a local logfile.
	If you disable logfiles, you _must not_ also disable syslog.
	By default logfiles are turned on.
	If you plan to use rootsh as command line interpreter with logging 
	for some users (7th field in /etc/passwd), you must disable logfiles.
	This is because rootsh will be run with user privileges.

        --with-logdir=LOGDIR
        
        Using this option will change the default directory for your
        logfiles. 

        --disable-syslog

        Using this option will turn off logging to syslog. You still
        have logfiles, but they could be manipulated by rootsh users.
	By default syslog is turned on.

        --enable-syslog=LEVEL.FACILITY

        Using this option will allow you to change the default
        priority "local5.notice":

	--disable-linenumbering

	Using this option will turn off prepending the syslog lines 
	with a line counter.

	--disable-syslog-username

	Using this option will turn off prepending the syslog lines
	with the username.

	--with-defaultshell

	If rootsh is a user's login shell from the 7th field in /etc/passwd
	there has to be a real command line interpreting shell which will
	be executed. You can override the default selection (mostly /bin/sh)
	with your own preferred shell.

	By calling the binary with the "-V" or "--version" option
	you can later see how these options were used.
	

Step 7. Build the binaries.

	This is the easy part, type "make".
	It worked for me on Linux 2.4, SunOS5.9, HP-UX11.11, AIX 5,
	FreeBSD 5.2.1 and IRIX 6.5

	
Step 8. Install the components.

	Type "make install".
	
	This will install your rootsh binary.  


Step 9. Grant a user the right to use rootsh

        Make an entry in your /etc/sudoers and give the user the right
        to execute the rootsh binary.
        By typing "sudo rootsh" he will get a root shell and you can
        watch his steps or read later what he has done.
	

Some remarks:

	I had two warnings on AIX with gcc-2.95 
        /usr/include/time.h:236: warning: `struct sigevent' declared 
	   inside parameter list
	rootsh.c:258: warning: implicit declaration of function `snprintf'
	which disappeared when i used the native compiler. 
	Maybe a newer gcc also helps. (-std=c99 produced even more warnings)



Some examples:

default syslog behaviour:

Mar 24 13:44:38 srv1 rootsh[062fd]: user1234=root,/dev/pts/10: logging new session (rootsh[062fd]) to /var/log/rootsh/user1234.20050324134426.062fd
Mar 24 13:44:39 srv1 rootsh[062fd]: user1234: 000: srv1:/home/user1234/rootsh-1.5.2 # cd /etc
Mar 24 13:44:41 srv1 rootsh[062fd]: user1234: 001: srv1:/etc # pwd
Mar 24 13:44:11 srv1 rootsh[062fd]: user1234: 002: /etc
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 003: srv1:/etc # exit
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 004: exit
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 005: *** rootsh session ended by user
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 006: 
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234,/dev/pts/10: closing rootsh session (rootsh[062fd])


with --disable-linenumbering:

Mar 24 13:56:27 srv1 rootsh[06208]: user1234=root,/dev/pts/10: logging new session (rootsh[06208]) to /var/log/rootsh/user1234.20050324135626.06208
Mar 24 13:56:29 srv1 rootsh[06208]: user1234: srv1:/home/user1234 # cd /etc
Mar 24 13:56:31 srv1 rootsh[06208]: user1234: srv1:/etc # pwd
Mar 24 13:56:31 srv1 rootsh[06208]: user1234: /etc
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: srv1:/etc # exit
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: exit
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: *** rootsh session ended by user
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: 
Mar 24 13:56:32 srv1 rootsh[06208]: user1234,/dev/pts/10: closing rootsh session (rootsh[06208])


with --disable-syslog-username:

Mar 24 13:58:21 srv1 rootsh[0621a]: user1234=root,/dev/pts/10: logging new session (rootsh[0621a]) to /var/log/rootsh/user1234.20050324135626.0621a
Mar 24 13:58:21 srv1 rootsh[0621a]: 000: srv1:/home/user1234 # cd /etc
Mar 24 13:58:34 srv1 rootsh[0621a]: 001: srv1:/etc # pwd
Mar 24 13:58:34 srv1 rootsh[0621a]: 002: /etc
Mar 24 13:58:35 srv1 rootsh[0621a]: 003: srv1:/etc # exit
Mar 24 13:58:35 srv1 rootsh[0621a]: 004: exit
Mar 24 13:58:35 srv1 rootsh[0621a]: 005: *** rootsh session ended by user
Mar 24 13:58:35 srv1 rootsh[0621a]: 006: 
Mar 24 13:58:35 srv1 rootsh[0621a]: user1234,/dev/pts/10: closing rootsh session (rootsh[0621a])


with --disable-syslog-username --disable-linenumbering:

Mar 24 14:03:17 srv1 rootsh[06220]: user1234=root,/dev/pts/10: logging new session (rootsh[06220]) to /var/log/rootsh/user1234.20050324130326.06220
Mar 24 14:03:19 srv1 rootsh[06220]: srv1:/home/user1234 # cd /etc
Mar 24 14:03:21 srv1 rootsh[06220]: srv1:/etc # pwd
Mar 24 14:03:21 srv1 rootsh[06220]: /etc
Mar 24 14:03:22 srv1 rootsh[06220]: srv1:/etc # exit
Mar 24 14:03:22 srv1 rootsh[06220]: exit
Mar 24 14:03:22 srv1 rootsh[06220]: *** rootsh session ended by user
Mar 24 14:03:22 srv1 rootsh[06220]: 
Mar 24 14:03:22 srv1 rootsh[06220]: user1234,/dev/pts/10: closing rootsh session (rootsh[06220])



