Date: Thu, 10 Oct 2002 13:28:38 +0300
From: Giorgos Keramidas
To: Socketd
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Security questions

On 2002-10-10 10:13, Socketd wrote:
> On 10/10/02, 4:37:02 AM, Giorgos Keramidas wrote:
> > > I've noticed that syslogd run as root, but why?
> >
> > Another reason is obvious if you look at the owner and permissions of
> > the system log files:
> >
> > giorgos@patata[05:33]/home/giorgos$ ls -ld /var/log/messages
> > -rw-r--r-- 1 root wheel 620908 Oct 10 05:33 /var/log/messages
>
> Yes, but they could be changed to user: syslog

No they couldn't. syslog is not a superuser, but a normal user. The
access controls imposed on users attempting to access the files owned
by a root user are a bit more strict than those that apply to the rest
of the users, right now.

I have to admit, it's not a bad idea to have log files owned by a
syslog:syslog user, and selectively allow read, write or modification
access through access lists. But that's something we ought to
reconsider when ACLs are widely available on FreeBSD, imho.
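
Added example, not part of the original message: a small Python model of the classic owner/group/other permission check, applied to the `ls -ld` line quoted above, to show what a non-root `syslog` account can do with the file as owned now and under syslog:syslog ownership. It models only the read and write bits (no ACLs, file flags or directory permissions); the function names and the group memberships passed in are assumptions made for illustration.

```python
# Constructed from the ls output quoted in the message.
LS_LINE = "-rw-r--r-- 1 root wheel 620908 Oct 10 05:33 /var/log/messages"


def parse_ls(line):
    """Return (mode_bits, owner, group) from one `ls -l` line.

    Only r and w characters are turned into bits; execute, setuid and
    sticky markers are ignored because the model checks read/write only.
    """
    fields = line.split()
    perms, owner, group = fields[0], fields[2], fields[3]
    bits = 0
    for i, ch in enumerate(perms[1:10]):   # the nine rwxrwxrwx positions
        if ch in "rw":
            bits |= 1 << (8 - i)
    return bits, owner, group


def access(bits, owner, group, user, groups):
    """Classic Unix check: exactly one class (owner, group, other) applies."""
    if user == "root":
        # The superuser bypasses the read/write permission bits.
        return {"read": True, "write": True}
    if user == owner:
        shift = 6          # owner triad, even if group/other grant more
    elif group in groups:
        shift = 3          # group triad
    else:
        shift = 0          # other triad
    triad = (bits >> shift) & 0o7
    return {"read": bool(triad & 4), "write": bool(triad & 2)}


if __name__ == "__main__":
    bits, owner, group = parse_ls(LS_LINE)
    print("mode", oct(bits), "owner", owner, "group", group)
    # As owned in the quoted listing: root:wheel, mode 0644.
    print("root   ->", access(bits, owner, group, "root", ["wheel"]))
    print("syslog ->", access(bits, owner, group, "syslog", ["syslog"]))
    # Same mode, ownership changed to syslog:syslog (the idea discussed above).
    print("syslog ->", access(bits, "syslog", "syslog", "syslog", ["syslog"]))
```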