Using `script' and `tail' to follow a shell session in real-time

This is an old trick that my longest standing friend and I used years ago on one of his UltraSPARC stations while having fun doing any number of things. It can be used for all sorts of needs (e.g. showing someone how to do something, allowing someone to help debug your problem to name two of many others) but the main idea is that one person is running tasks (for the purpose of this article I will pretend this person is the victim) and more generally using the shell, while the other person (and pretending that this person is the snoop) is watching everything, even if they're across the world. It works as long as both are on the same system and that the victim writes output (directs to) a file that the snoop can read (as in open for reading).

Before I get to how to do this, I want to point something else out. If you look at the man page for script, you will see the following block of text under OPTIONS:

-f, --flush
Flush output after each write. This is nice for telecooperation: one
person does `mkfifo foo; script -f foo', and another can supervise
real-time what is being done using `cat foo'.

But there are two problems with this method both due to the fact that the watching party (as I put it for amusement, the snoop) has control. To demonstrate these problems assume my login name is 'luser' and that I type at the shell the following:

$ mkfifo /tmp/$(whoami).log ; script --flush -f /tmp/$(whoami).log

The following problems I'm aware of exist:

First, my session will block, waiting for the 'snoop' to type at their prompt:
$ cat /tmp/luser.log
And until that happens, even if I type a command, no output occurs on my end (the command is not ignored, however). Once the other person does type that I will see the output of script (showing that the output is being written to /tmp/luser.log and any output from commands that I might have sent. The other user will see the output too, including which file is being written to.
Secondly, the snoop decides when to stop. When they hit ctrl-c (^C) (or whatever they have their intr set to; see `stty -a | grep intr' and the man page for stty) then once I begin to type, I will see at my end, something like this:
$ lScript done, file is /tmp/luser.log
$
Note that I hit the letter l, as if I was going to type ls (for example) and then I see the script done output. If I finish the command, let's say by typing s and then hit enter, I will instead of seeing the output of ls, I will see (since typing ls hardly takes any time I will show it as it would appear on my screen, with the command completed, or one would suspect so):
$ lScript done, file is /tmp/luser.log
$ s
-bash: s: command not found
Yes, that means that the first character closes my end (the lScript is
not a typo, that is what appears on my screen), shows me the typical message
after script is done and then and only then do I get to enter a command
proper.

So the question is, is there a way that I can control the starting of the file, and even more than that, could the snoop check on the file later (doesn't watch in the beginning) or stop in the middle and then start watching again? Absolutely. Here's how:

Instead of making a FIFO (first in first out, i.e. a queue) I specify a file to write the script output to (a normal file with a caveat as below), or alternatively let the default file name be the output, instead. So what I type is:
$ script --flush -f /tmp/$(whoami).log
Script started, file is /tmp/luser.log
$
After that is done, I inform (somewhere else, or otherwise they use the --retry option of tail, to repeatedly try until interrupted or the file can be followed) the snoop (now THAT is something you don't expect to ever be true, is it? Why would I inform a snoop of anything at all?! This is of course WHY I chose the analogy in the first place) and they then type:
$ tail -f /tmp/luser.log
And they will see - by default - the last ten lines of the session (the session implies the script log, so not the last ten lines of my screen!). They could of course specify how many lines but the point is they will now be following (that's what -f does) the output of the file, which means whenever I type a command, they will see that as well as any output. This will happen until they hit ctrl-c (again or whatever they have intr set to) or I type 'exit' (and if I do that they will still try to follow the file, so they will need to hit ctrl-c or otherwise send intr, too). Note that even if I remove the log file while they're watching it, they will still see the output until I exit the script session. This is because they have a file descriptor of the log file and so while the file is no longer written to, they are still following it (this is because of how inodes work).

As for the caveat I referred to, it is simply this: control characters are also sent to the file and so it isn't ASCII only. Furthermore, because of the same reason, using text editors (e.g. vi) will not show correctly to the snoop.

In the end, this is probably not often used but it is very useful when it is indeed needed. Lastly, if you were cat the output file, you'd see it as if you were watching the file in real-time. Most importantly: do not ever do anything that would reveal confidential information and if you do have anything you don't want shown to the world, do not use /tmp or any public-readable file (and rm it when done too!). Yes, you can have someone read a file in your directory as long as they know the full path and have proper permissions to the directory and file.