Where to put user written program
Jack
quiet_celt at yahoo.com
Wed Aug 1 17:56:19 CDT 2007
--- Scott Oertel <freebsd at scottevil.com> wrote:
> David Nicol wrote:
> > On 7/20/07, Scott Oertel <freebsd at scottevil.com>
> wrote:
> >> > /home/Logcooker/bin
> >> >
> >> >
> >> Well, this would be more secure, ...
>
> I just don't see the problem really with having a
> script inside
> /root/bin, which is completely locked down to only
> the root user, which
> parses logs via a cron job. I just don't see the
> harm.
>
I would have to concur on this. Only a user who has
hijacked the root account will be able to mess with
this script. If the root account is compriomised then
security is moot. However, if I were writing a script
to parse the log files, I would save the output under
a different account, so that those files didn't become
a security issue. Unless, only root should be looking
at the output. But then root really shouldn't be
logged onto the system doing anything, except system
maintenance.
IMHO,
Brian
More information about the Kclug
mailing list