David Nicol wrote:
On 7/20/07, Scott Oertel <freebsd@scottevil.com> wrote:
/home/Logcooker/bin
Well, this would be more secure, provided you have a specially crafted sudoers file for that "Logcooker" user so that they may access the logs, although after some period of creating maintenance scripts the sudo file will start to get very very large and complicated, leaving you with a user that has nearly the same as root privileges.
-Scott Oertel
no, no, no -- use group permissions. Although the way people use sudo, you'd think they'd just go ahead and use all the SEL features. The inside-out thinking required to use groups effectively is a genuine usability barrier.
Did anyone from that crazy summer class at ITT I taught earlier this year actually sign up for this mailing list like I encouraged them to do?
I just don't see the problem really with having a script inside /root/bin, which is completely locked down to only the root user, which parses logs via a cron job. I just don't see the harm.
-Scott Oertel
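
The group-permission approach argued for in this thread can be checked mechanically. The following is an added example, not code from either poster: it audits whether a log file is readable through group membership alone. The function name, the file name and the use of the current process's group as the "log reader" group are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_group_readable(path, reader_gid):
    """Return findings for a log file meant to be read via group membership only."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_gid != reader_gid:
        findings.append("group owner is gid %d, expected %d" % (st.st_gid, reader_gid))
    if not mode & stat.S_IRGRP:
        findings.append("group cannot read: parser would need sudo or root")
    if mode & stat.S_IWGRP:
        findings.append("group can write: parser could alter the logs")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("accessible to other: group restriction is moot")
    return findings

def demo():
    """Build a constructed log file in a temp dir and audit it under two modes."""
    gid = os.getegid()  # stands in for the hypothetical log-reader group
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "example.log")  # constructed sample file
        with open(log, "w") as fh:
            fh.write("constructed sample line\n")
        os.chown(log, -1, gid)
        os.chmod(log, 0o640)   # owner rw, group r, other none
        good = audit_group_readable(log, gid)
        os.chmod(log, 0o664)   # group write and other read both granted
        bad = audit_group_readable(log, gid)
    return good, bad

if __name__ == "__main__":
    good, bad = demo()
    print("0640:", good)
    print("0664:", bad)
```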