ttysnoop

Hurricane Electric Internet Services: Accounts starting at $9.95/month
Hurricane Electric Internet Services

SYNOPSIS

     ttysnoop [pty]
     ttysnoops [loginname]


DESCRIPTION

     The ttysnoop / ttysnoops client-server combo can be used to snoop (watch)
     on a user's login tty.  The server (ttysnoops) is usually started by get-
     ty(8) or telnetd(8) and reads the file /etc/snooptab to find out which
     tty's should be cloned and which programs to run on them (usually
     /bin/login). A tty may be snooped through a pre-determined (ie.  fixed)
     device, or through a dynamically allocated pseudo-tty (pty). This is also
     specified in the /etc/snooptab file. To connect to the pty, the ttysnoop
     client should be used.

   Format of /etc/snooptab
     The /etc/snooptab file may contain comment lines (starting with a '#'),
     empty lines, or entries for tty's that should be snooped upon. The format
     of such an entry is as follows:

           tty   snoop-device   type   program

     where tty is the leaf-name of the tty that should be snooped upon (eg.
     ttyS2, not /dev/ttyS2) OR the wildcard '*', which matches ANY tty.
     snoop-device is the device through which tty should be snooped (eg.
     /dev/tty8) OR the literal constant "socket". The latter is used to tell
     ttysnoops that the snoop-device will be a dynamically allocated pty.
     type specifies the type of program that should be run, currently recog-
     nized types are "init", "user" and "login" altough the former two aren't
     really needed. Finally, program is the full pathname to the program to
     run when ttysnoops has cloned tty onto snoop-device.


EXAMPLE

     The following example /etc/snooptab file should illustrate the typical
     use of ttysnoop / ttysnoops:

            #
            # example /etc/snooptab
            #
            ttyS0    /dev/tty7    login    /bin/login
            ttyS1    /dev/tty8    login    /bin/login
            #
            # the wildcard tty should always be the last one in the file
            #
            *        socket       login    /bin/login
            #
            # example end
            #

     With the above example, whenever a user logs in on /dev/ttyS0 or
     /dev/ttyS1, either tty will be snooped through /dev/tty7 or /dev/tty8 re-
     spectively. Any other tty's will be snooped through a pty that will be
     allocated at the time of login. The system-administrator can then run
     ttysnoop pty to snoop through the pty. Note that it is up to the system-
     administrator to setup getty and/or telnetd so that they execute


AUTHOR

     Carl Declerck, carl@miskatonic.nfe.be

BSD Experimental                 August 8 1994                               2

Hurricane Electric Internet Services: Accounts starting at $9.95/month
Hurricane Electric Internet Services
Copyright (C) 1998 Hurricane Electric. All Rights Reserved.