Have you ever had a user login to your box and then ask you for help? Or have you ever been curious as to what your users are doing on your system? The watch(8) utility will let you snoop another tty, allowing you to see what your other users are doing and even interact with them. It’s a must-have utility for every network administrator.
- Local root access on the box or be able to su to root.
- A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren’t on the box).
- Your favorite text editor (I prefer nano)
For the 5.x branch, there is no installation needed. Everything required for watch is already installed.
For the 4.x branch, we have to compile a kernel with snp support. So, add the following to your kernel configuration:
# nano -w /usr/src/sys/i386/conf/MYKERNEL ***output omitted*** pseudo-device snp 4 ***output omitted***
This compiles the snp snooping utility and you can change the 4 to however many terminals you plan on watching at any given time. Now, compile and install your kernel.
You need to know which tty you wish to watch, so if you don’t know it you can find out.
# who jon ttyp0 Oct 19 12:10 (192.168.0.20) steve ttyp1 Oct 19 12:15 (192.168.0.23)
Let’s say we want to see what steve is up to. The syntax is:
# watch [options] tty
We can simply issue the following to see what he is doing:
# watch ttyp1
Now, if steve is requesting help, you can interactively watch his terminal with:
# watch -W ttyp1
Whatever he types, you see and whatever you type, he sees. It’s a beautiful thing. Now the next thing to know is what you can do once you are in watch.
Exit watch. Clear screen. Change attached tty, unless this feature is disabled, in which case control-X is passed to the terminal as with other control characters.
That’s all there is to watching your other user’s activity.