That won't work in the way you hope. If you look back up to the terminal snippet I posted, you'll see that group only has write permissions, not read.
Even if you were able to get read permissions on the other users TTY, you wouldn't be able to intercept their keystrokes with cat as it is blocking. That means their keystrokes would be redirected to your terminal and not echoed back to them in theirs, meaning they couldn't see what they're typing, which is a little too obvious for a keylogger
This is actually a pretty interesting approach in my opinion. I would guess you would have to write something to automate the attack by having the user connect to a dummy TTY which you would be able to log and redirect to a real TTY. The general idea would be something like:
- Read a byte from the users dummy TTY
- Log it
- Append it to a TTY you have in the background
- Return the same byte read to the users TTY
- Return anything from the background TTY, which would happen once they press enter
That's the simplest I can think of accomplishing this. Although, I'm sure someone who is much more fluent with Linux than I could come up with a better idea.