Where to put user written program
Scott Oertel
freebsd at scottevil.com
Fri Jul 20 15:18:15 CDT 2007
David Nicol wrote:
>> >> I've written a Perl program to
>> >> parse my /var/log/messages file and place certain data into a mySQL
>> >> database.
>
>> I agree, any script that I write the performs a system function and is
>> not part of the provisioning system usually goes in /root/bin
>
> Seriously, the more secure approach as I understand it is to create
> a special-purpose user and have the process run by that user. For
> clarity's sake, the script would then live somewhere like
>
> /home/Logcooker/bin
>
> (I capitalize fake users, to avoid confusion in case I have to give
> a user account on this machine to someone strongly identified
> with their hobby as an amateur paper miller.)
>
>
>
Well, this would be more secure, provided you have a specially crafted
sudoer's file for that "Logcooker" user so that they may access the
logs, although after some period of creating maintenance scripts the
sudo file will start to get very very large and complicated, leaving you
with a user that has nearly the same as root privileges
-Scott Oertel
More information about the Kclug
mailing list