Where to put user written program
Scott Oertel
freebsd at scottevil.com
Fri Jul 20 16:36:33 CDT 2007
David Nicol wrote:
> On 7/20/07, Scott Oertel <freebsd at scottevil.com> wrote:
>> > /home/Logcooker/bin
>> >
>> >
>> Well, this would be more secure, provided you have a specially crafted
>> sudoer's file for that "Logcooker" user so that they may access the
>> logs, although after some period of creating maintenance scripts the
>> sudo file will start to get very very large and complicated, leaving you
>> with a user that has nearly the same as root privileges
>>
>>
>> -Scott Oertel
>
> no, no, no -- use group permissions. Although the way people use sudo,
> you'd think they'd just go ahead and use all the SEL features. The
> inside-out thinking required to use groups effectively is a genuine
> usability barrier.
>
> Did anyone from that crazy summer class at ITT I taught earlier this year
> actually sign up for this mailing list like I encouraged them to do?
>
>
>
>
>
I just don't see the problem really with having a script inside
/root/bin, which is completely locked down to only the root user, which
parses logs via a cron job. I just don't see the harm.
-Scott Oertel
More information about the Kclug
mailing list