Date: Fri, 27 May 2011 21:46:26 +0400
From: gremlin@...mlin.ru
To: owl-dev@...ts.openwall.com
Subject: Re: access to log files

On 26-May-2011 20:24:01 +0400, (GalaxyMaster) wrote:
 > > Just a suggestion:
 > > 0620 root:syslogd -> 0640 syslogd:wheel
 > It's a bad suggestion, BTW, since it revokes rights
 > from the syslogd to be able to write to that file
 > after the log rotation.

Checked that: it does not.

 > Our syslog drops privileges,

... to syslogd:syslogd, right?

 > so after the rotation is done it has effective
 > group syslogd and this is why the file is set group
 > writable to that group.

The "syslogd" user writes to a log file. The "wheel" (or
whatever - say, "audit") group members read that file -
what's wrong?


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xAB8CF595, keyserver: hkp://wwwkeys.eu.pgp.net
