• Posted on August 29, 2014

Clear Linux and MySQL History on Logout

If you run a server, you probably end up having to run commands that require passwords. Some programs handle passwords a lot better than others, such as MySQL. If you don’t specify a password in MySQL but include the -p argument, your password won’t be visible. But if you create a new user or change your password that’s a different story. There are also some programs that may require sensitive information directly from the command line or commands that you want to run once the user exits of the shell.

This tutorial, if it can be called that since it’s so short, will teach you how to run a bash script when you log out of your linux server. This will only work with users who use the bash shell. This won’t work if you have a GUI installed. Also, if you use sudo, which you should, this won’t work unless you initiate sudo using the command of sudo -iu root instead of just sudo su. The argument -i specifies sudo to simulate the initial login of that user and the -u specifies the user to login as. If you are logging in as root, you can just use the command of sudo -i.

Now we create the script we want to run when the user exits the shell using one of the methods such as logout, exit or using the key combination of Control + D. Every user can have a different script execute when they log out, but for my server I have all users running the same script so I also added the script to /etc/skel/ so new users will get the script by default.

Create the Script

Visit a user directory, and check to see if their home directory contains the file .bash_logout. Most of the time this will file exist with code that will clear the console. If you don’t have this file you can create your own easily using the command touch .bash_logout.

Edit the file by using your favorite text editor, I usually end up using vi since it comes with Debian, but nano is also a good alternative and is more user friendly.

Enter any commands you want into this file. The file is just a bash script which will allow you to add logic and more if required. Keep in mind the permissions the user will have when running these commands since the script will run using the current user’s permissions.

Example Script

# ~/.bash_logout: executed by bash(1) when login shell exits.
# when leaving the console clear the screen to increase privacy

if [ "$SHLVL" = 1 ]; then
    [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi

# delete history
history -a
cat /dev/null > $HOME/.mysql_history
cat /dev/null > $HOME/.bash_history

I have the above code clear the console (the default .bash_logout functions) but at the end I added the delete history functions which will clear out the files of .bash_history and .mysql_history just in case any passwords were in plain text in those two files. You can add anything you like to this file as long as the user has permissions to execute it.

To explain a little bit about the code I inserted at the end, the first call is to history -a which will append all the new history commands to the file and flush it. This is required since the history file isn’t flushed until after the connection is closed. If you don’t call this command, the history file will only deleted commands from the previous session and not the one that just occurred.

The next two lines are simply taking the contents of /dev/null and inserting them into the two history files. This is a lot easier than deleting the files and creating them again.

Create Script for All Users

To use the same logout script for all users, save it to the directory /etc/skel which is used by Debian as the layout for new user’s home folders. I am unsure if other operating systems use the same directory.

You will then have to copy the file /etc/skel/.bash_logout to all users that currently exist. Sadly since the function cp doesn’t allow multiple destinations you will have to write a bash script that will perform this action for you, or you could just manually copy the files if you only have a few users like I did. Below are a few links to scripts that may help you on copying the file to all home directories.