I want to protect the history file from deleted for all users except user ‘root’ can do it, is that possible?
For my server, many users can log in with root from remote through ssh, so I can not trace which guy do wrong things. So I decide to create new account for every users and let them use ‘sudo’ then I can trace which guy typed which command and what he did. However, even if I create new account for every user, they also can delete the history of them self easily.
How should I do. I believe everyone encountered such things normally. I think there is a gracefully solution for it as I am not experience on server manage. So any suggestions for how to trace user like to write down which user did as an audit trail and let it can not deletable exclude root user?