Terminal I/O Activity Tracer
Operation
This painfully simple script can be used to duplicate the terminal I/O performed by any single process. Simply put, you can display the output produced by any program and, for example, see what some user is doing. It's superior to e.g. ttysnoop in that it doesn't require installation of any kernel modules or such nonsense. It doesn't even need root access, but without it, you can only spy on your own processes.
As for the technical side, all it takes to monitor some processes' activity is to strace it.
Usage
The script takes one argument, which is the PID of the process to trace.
Limitations
There are several limitations that I will *not* address in the publicly-released version of the script.
- Tracing more than one process (e.g. a process group)
This is moderately hard, but fairly possible. I haven't tried it, though. - Tracing a whole user (shell) session
I've done that, but I will not release the sources*. Don't feed the script kiddies, please. - Handling screen size and screen refresh with ncurses-based programs
If you connect to an already-running ncurses program, you will only get partial screen refreshes. Slamming the process on its head with SIGWINCH might help. As for reading the screen size, it may _sometimes_ be found in the process environment. - Virtual typing on the user's keyboard.
Definitely possible, but requires different program design - shell script can't do it, manual ptrace is required. Too much C coding for me to even bother.
The program cannot trace mmap'd operations. This one is hard to overcome, but terminal I/O doesn't involve mmap - or, at least, I have never seen it do.
Download
---
*Please don't ask. Either write it yourself or forget about it.