Snoop

From FBSD_tips

Jump to: navigation, search

Back to "Admin building blocks"

Ever wanted to "look over the shoulder" of a logged in shell account? How about "take over" control of the session? If you have found yourself wanting to do that, WATCH(8) and SNP(4) are the answer.

We have 2 options for getting the snp device driver into the kernel, kldload it or edit the kernel config, adding pseudo-device snp and rebuilding/reinstalling the kernel. The simple way is to dynamically load it (as root, also make sure you haven't raised your securelevel) : 

kldload snp

Now the device is loaded, we need to find the tty of the user we want to watch, we'll use who : 

[root@ ~]# who
root             ttyv0    Sep 11 19:09
sally            ttyv1    Sep 11 19:13
joe              ttyqu    Sep 18 23:52

Now all we have to do now to watch joe is run watch like this : 

watch ttyqu

Some salient details, while running, ctrl-g - exits. Command line options, -c reconnect on close (and watch the next user on the tty), -W allows write access.

Have fun, and only use your power for good, not evil.

Gongo 04:45, 27 September 2007 (UTC)

Retrieved from "http://bsdtips.utcorp.net/mediawiki/index.php/Snoop"
Personal tools