From owner-freebsd-questions@FreeBSD.ORG Sat May 3 15:51:14 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2CDE2106567D for ; Sat, 3 May 2008 15:51:14 +0000 (UTC) (envelope-from infofarmer@FreeBSD.org) Received: from heka.cenkes.org (heka.cenkes.org [208.79.80.110]) by mx1.freebsd.org (Postfix) with ESMTP id 0311C8FC24 for ; Sat, 3 May 2008 15:51:13 +0000 (UTC) (envelope-from infofarmer@FreeBSD.org) Received: from amilo.cenkes.org (ppp85-140-149-58.pppoe.mtu-net.ru [85.140.149.58]) (Authenticated sender: sat) by heka.cenkes.org (Postfix) with ESMTPSA id 9ABEA242F886; Sat, 3 May 2008 19:51:10 +0400 (MSD) Date: Sat, 3 May 2008 19:51:06 +0400 From: Andrew Pantyukhin To: Wojciech Puchar Message-ID: <20080503155104.GH92161@amilo.cenkes.org> References: <20080503111941.L10738@wojtek.tensor.gdynia.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080503111941.L10738@wojtek.tensor.gdynia.pl> X-OS: FreeBSD 8.0-CURRENT amd64 User-Agent: Mutt/1.5.17 (2007-11-01) Cc: freebsd-questions@freebsd.org Subject: Re: logger blocking X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: infofarmer@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 May 2008 15:51:14 -0000 On Sat, May 03, 2008 at 11:21:16AM +0200, Wojciech Puchar wrote: > how to prevent logger working for non-root? > it allows any user log anything it likes. > > i can change permission for /var/run/syslogd.socket but many different > programs running as different users logs through this. Let's see what options we have... a) rm -rf /usr/bin/logger b) echo 'echo I am a bad boy;rm -rf $HOME' > /usr/bin/logger c) create group 'syslog' add good users to it chown :syslog /var/run/syslogd.socket chmod 660 /var/run/syslogd.socket