Linux Knowledge: Showing the Time and the Operator in history Output


The following is what man history displays:
       history [n]
       history -c
       history -d offset
       history -anrw [filename]
       history -p arg [arg ...]
       history -s arg [arg ...]

       With no options, display the command history list with line numbers. Lines listed with a * have been modified. An argument of n lists only the last n lines. If the shell variable HISTTIMEFORMAT is set and not null, it is used as a format string for strftime(3) to display the time stamp associated with each displayed history entry. No intervening blank is printed between the formatted time stamp and the history line. If filename is supplied, it is used as the name of the history file; if not, the value of HISTFILE is used. Options, if supplied, have the following meanings:
#####################################
              -c     Clear the history list by deleting all the entries.
              -d offset
                     Delete the history entry at position offset.
              -a     Append the ``new'' history lines (history lines entered since the beginning of the current bash session) to the history file.
              -n     Read the history lines not already read from the history file into the current history list. These are lines appended to the history file since the beginning of the current bash session.
              -r     Read the contents of the history file and use them as the current history.
              -w     Write the current history to the history file, overwriting the history file's contents.
              -p     Perform history substitution on the following args and display the result on the standard output. Does not store the results in the history list. Each arg must be quoted to disable normal history expansion.
              -s     Store the args in the history list as a single entry. The last command in the history list is removed before the args are added.
######################################
              If the HISTTIMEFORMAT variable is set, the time stamp information associated with each history entry is written to the history file, marked with the history comment character. When the history file is read, lines beginning with the history comment character followed immediately by a digit are interpreted as timestamps for the previous history line. The return value is 0 unless an invalid option is encountered, an error occurs while reading or writing the history file, an invalid offset is supplied as an argument to -d, or the history expansion supplied as an argument to -p fails.

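In the man page text above you may have noticed a variable called HISTTIMEFORMAT. Everyone probably knows that the history command displays previously entered commands, but if I want to know which user on the system operated on this machine, and at what time, the plain history command cannot tell me. Let's look at how to get that information.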

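This variable customizes how history output is displayed. Its format is the same as strftime, so it can be set using the format specifiers of the date command.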

[root@ www.bkjia.com ~]# export  HISTTIMEFORMAT="`whoami` : %F %T :"
 2333  root : 2012-05-30 13:55:55 :man date
 2334  root : 2012-05-30 14:04:49 :cd
 2335  root : 2012-05-30 14:04:51 :clear
 2336  root : 2012-05-30 14:04:54 :ls
 2337  root : 2012-05-30 14:04:58 :history 
 2338  root : 2012-05-30 14:05:08 :ls
 2339  root : 2012-05-30 14:05:16 :vim .bash_profile 
 2340  root : 2012-05-30 14:05:31 :export  HISTTIMEFORMAT="`whoami` : %F %T :"
 2341  root : 2012-05-30 14:05:35 :history 

If you want this variable to take effect permanently, write export HISTTIMEFORMAT="`whoami` : %F %T : " into ~/.bash_profile, and it will then apply permanently. Give it a try!
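
As an added example (not part of the original article), the Python code below parses a history file written while HISTTIMEFORMAT was set, using the man page rule that a line starting with the history comment character followed immediately by a digit is a timestamp. The sample file contents and the names parse_bash_history and render are constructed for illustration, and one command per line is assumed.

```python
import re
from datetime import datetime, timezone

# Constructed sample of a ~/.bash_history file (not taken from the article).
# The first two commands were saved before HISTTIMEFORMAT was set, so no
# "#<epoch>" line precedes them. Note that the file holds only epoch seconds
# and the command text: no user name is stored, and the `whoami` in the
# article's format string is expanded once, when the export line runs.
SAMPLE_HISTORY = """\
ls
vim .bash_profile
#1338386155
man date
#1338386689
cd
#1338386691
#todo: check cron jobs
#1338386700
history
"""

def parse_bash_history(text, comment_char="#"):
    """Return (utc_datetime or None, command) pairs from history-file text.

    Assumes one command per line (multi-line entries are not handled).
    """
    stamp = re.compile(re.escape(comment_char) + r"(\d+)")
    entries, pending = [], None
    for line in text.splitlines():
        m = stamp.match(line)
        if m:  # comment char followed immediately by a digit: a timestamp
            pending = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            continue
        entries.append((pending, line))  # pending is None if never stamped
        pending = None
    return entries

def render(entries, placeholder="(no timestamp recorded)"):
    """Format entries like `history` output, flagging unstamped commands."""
    out = []
    for n, (ts, cmd) in enumerate(entries, start=1):
        when = ts.strftime("%Y-%m-%d %H:%M:%S") if ts else placeholder
        out.append(f"{n:5d}  {when} : {cmd}")
    return out

if __name__ == "__main__":
    print("\n".join(render(parse_bash_history(SAMPLE_HISTORY))))
```

Times are rendered in UTC here, whereas history itself formats them in the shell's local time zone.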
