How to Know the which user run which command in Linux server

Hi All,

Recently we have issue like in /usr/sap/trans folder all files/folders permissons are changed from prod SID to Non prd SID. so, for this how to How to Know the which user run which command in Linux server to change this permission?

it means which user/terminal server, date and time?

it is very helpful to find out the root-cause

Regards,

Basis