Date: Fri, 11 Oct 2002 12:24:16 +0800 From: "Roman V. Mashak" <mrv@tv2.tomsk.ru> To: freebsd-questions@FreeBSD.ORG Subject: Re: Security questions Message-ID: <20021011042416.GA3718@mrv.tusur.ru> In-Reply-To: <20021010.12422900.3222565378@rafter.> References: <20021009.22451000.4017525480@rafter.> <20021010023701.GJ21391@hades.hell.gr> <20021010.10135300.3745751216@rafter.> <20021010102838.GN21391@hades.hell.gr> <20021010.12422900.3222565378@rafter.>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 10, 2002 at 12:42:29PM +0000, Socketd wrote: > > write or modification access through access lists. But that's > > something we ought to reconsider when ACLs are widely available on > > FreeBSD, imho. > I am not the biggest fan of ACL's and I think we can solve this problem > with the tools we have now. We have /var and different daemons and the > kernel have to write messages to different files in that "dir". The > interface to /var/ should be syslogd, meaning that all files in that > "dir" should be owned by syslog. I can't see the need for ACL to make > syslogd a non-root daemon. What about running syslogd with '-ss' commandline options? IMHO it's a bit secure than default variant. -- Best regards, Roman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021011042416.GA3718>