Access rights for system logs
opensource at till.name
Mon Feb 28 17:24:26 UTC 2011
On Mon, Feb 28, 2011 at 11:46:13AM -0500, Steve Grubb wrote:
> On Friday, February 25, 2011 03:13:31 am Matthias Runge wrote:
> > - change systems logs owners from root:root mode 600 to root:adm mode
> > 640 (or something similar)
> So, what would be the implementation of this? How would logcheck or any log reader
> work. Would they be setgid applications or would they start as root and change to this
> new account?
Usually they are run as the required user in a cron job and the admin
(root) needs to configure / install them to run. For security reasons,
logcheck should not be run with root permissions, but it still needs
access to the log files to process them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110228/b17593a0/attachment-0001.bin
More information about the devel