Disallow rm'ing your own open file
Dave Burton
daveb at i88.isc.com
Tue Feb 20 05:33:25 AEST 1990
In article <1990Feb17.190606.22454 at gpu.utcs.utoronto.ca> milan at gpu.utcs.utoronto.ca (Milan Strnad) writes:
|I am trying to put some controls on the "root" account (don't even ask why).
|Currently I have all of root's activity (key strokes, etc.) getting logged
|in a log file. Unfortunately, this does not prevent the root user from "rm"ing
|the log file, but it does prevent him from modifying it. File locking does
|not seem to work in this instance. How can I better ensure the log file
|maintains its integrity? I'm using SCO Xenix 2.3.2 on a Compaq 386.
You can't. Don't restrict root, restrict access. If you need a semi-privileged
user that can do most, but not all things, create a new notroot account,
change your system's permissions such that access is allowed where needed,
but denied where not. Use the group bits to good advantage.
It is a mistake to try and limit root. It's unrestricted for a reason.
--
Dave Burton
uunet!ism780c!laidbak!daveb
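
The permission and group-bit advice in the reply above, as an added example that is not part of the original post: a check over mode bits showing why a log that cannot be modified can still be removed, and which directory mode stops a non-root account from doing so. The uid 200, gid 50 and both layouts are constructed sample values, and the rules assumed are the standard Unix owner/group/other model plus sticky-directory handling where the system supports it.

```python
import stat

ROOT_UID = 0

def _class_bits(uid, gids, mode, owner_uid, owner_gid):
    """Return the rwx triplet (0-7) that applies: owner, else group, else other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_modify(uid, gids, file_mode, file_uid, file_gid):
    """Writing to a file is governed by the file's own write bit."""
    if uid == ROOT_UID:
        return True  # root bypasses the permission bits entirely
    return bool(_class_bits(uid, gids, file_mode, file_uid, file_gid) & 2)

def can_unlink(uid, gids, dir_mode, dir_uid, dir_gid, file_uid):
    """Removing a file is governed by its directory: write + search are needed."""
    if uid == ROOT_UID:
        return True
    if (_class_bits(uid, gids, dir_mode, dir_uid, dir_gid) & 3) != 3:
        return False
    if dir_mode & stat.S_ISVTX:  # sticky directory, where supported
        return uid in (file_uid, dir_uid)
    return True

# Constructed sample: log and directory owned by root (uid 0), group 50;
# the hypothetical "notroot" account is uid 200 and a member of group 50.
NOTROOT = (200, {50})
LAYOUTS = {
    "weak":   {"dir_mode": 0o770, "file_mode": 0o440},  # group may write the directory
    "strict": {"dir_mode": 0o750, "file_mode": 0o440},  # group may only read/search it
}

def audit(uid, gids):
    """Report what the given identity can do to the log under each layout."""
    return {
        name: {
            "modify": can_modify(uid, gids, l["file_mode"], 0, 50),
            "unlink": can_unlink(uid, gids, l["dir_mode"], 0, 50, 0),
        }
        for name, l in LAYOUTS.items()
    }

if __name__ == "__main__":
    for who, ident in (("notroot", NOTROOT), ("root", (0, {0}))):
        print(who, audit(*ident))
```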