stuff

stuff.sh

# 1) Create the group (safe if it already exists)
sudo groupadd -r cmdlog || true

# 2) Make sure the log file exists
sudo touch /var/log/test.log

# 3) Give it group ownership & permissions
sudo chgrp cmdlog /var/log/test.log
sudo chmod 664 /var/log/test.log

# 4) Add *your current user* to that group
sudo usermod -aG cmdlog $USER

# 5) Start a new shell session with the updated group list
newgrp cmdlog

# 6) Verify you’re now in the group
groups

# 7) Test writing to the file (should succeed without sudo now)
echo "test line $(date --iso-8601=seconds)" >> /var/log/test.log

sudo chown root:adm /var/log/test.log
sudo chmod 664 /var/log/test.log
sudo usermod -aG adm env-admin 

echo $PROMPT_COMMAND

# Command logger for Fluentd
if [ -n "$PS1" ] && [ -z "$BASH_COMMAND_LOGGER_SET" ]; then
  export BASH_COMMAND_LOGGER_SET=1
  shopt -s histappend
  export HISTTIMEFORMAT="%F %T "
  LOG_FILE="/var/log/test.log"
  PROMPT_COMMAND='LAST_CMD=$(HISTTIMEFORMAT= history 1 | sed "s/^ *[0-9]\+ *//"); \
    printf "%s user=%q tty=%q pwd=%q cmd=%q\n" "$(date --iso-8601=seconds)" "$USER" "$(tty 2>/dev/null)" "$PWD" "$LAST_CMD" >> "$LOG_FILE"; \
    history -a'
fi

sudo usermod -aG cmdlog $USER
newgrp cmdlog

ls -l /var/log/test.log # expect: -rw-rw-r-- 1 root cmdlog ...
sudo chgrp cmdlog /var/log/test.log
sudo chmod 664 /var/log/test.log

sudo chgrp cmdlog /var/log/test.log
sudo chmod 664 /var/log/test.log
sudo setfacl -m g:cmdlog:rw /var/log/test.log

Command logger for Fluentd

if [ -n "$PS1" ] && [ -z "$BASH_COMMAND_LOGGER_SET" ]; then
export BASH_COMMAND_LOGGER_SET=1
shopt -s histappend
export HISTTIMEFORMAT="%F %T "
LOG_FILE="/var/log/fluentd/cmd.log"
PROMPT_COMMAND='LAST_CMD=$(HISTTIMEFORMAT= history 1 | sed "s/^[[:space:]][0-9]+[[:space:]]//"); printf "%s user=%q tty=%q pwd=%q cmd=%q\n" "$(date --iso-8601=seconds)" "$USER" "$(tty 2>/dev/null)" "$PWD" "$LAST_CMD" >> "$LOG_FILE"; history -a'
fi