Date: Thu, 10 Oct 2002 13:28:38 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Socketd <db@traceroute.dk> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Security questions Message-ID: <20021010102838.GN21391@hades.hell.gr> In-Reply-To: <20021010.10135300.3745751216@rafter.> References: <20021009.22451000.4017525480@rafter.> <20021010023701.GJ21391@hades.hell.gr> <20021010.10135300.3745751216@rafter.>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2002-10-10 10:13, Socketd <db@traceroute.dk> wrote: > On 10/10/02, 4:37:02 AM, Giorgos Keramidas <keramida@ceid.upatras.gr> wrote: > > > I've noticed that syslogd run as root, but why? > > > > Another reason is obvious if you look at the owner and permissions of > > the system log files: > > > giorgos@patata[05:33]/home/giorgos$ ls -ld /var/log/messages > > -rw-r--r-- 1 root wheel 620908 Oct 10 05:33 /var/log/messages > > Yes, but they could be changed to user: syslog No they couldn't. syslog is not a superuser, but a normal user. The access controls imposed on users attempting to access the files owned by a root user are a bit more strict than those that apply to the rest of the users, right now. I have to admit, it's not a bad idea to have log files owned by a syslog:syslog user, and selectively allow read, write or modification access through access lists. But that's something we ought to reconsider when ACLs are widely available on FreeBSD, imho. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021010102838.GN21391>