In a production environment, it can be useful to know what each person is doing. This is particularly helpful when a mistake happens and nobody admits to it (yes, it happens). Novice hackers (aka script kiddies) who call themselves hackers because they’ve put a keylogger on a machine might also be interested in this. However, the purpose is obviously not the same.
Two commands are useful:
sa: obtains statistics on process launches
lastcomm: obtains a list of commands launched by users