From owner-freebsd-security  Mon Nov 30 16:30:06 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA13266
          for freebsd-security-outgoing; Mon, 30 Nov 1998 16:30:06 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from omahpop1.omah.uswest.net (omahpop1.omah.uswest.net [204.26.64.1])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA13158
          for <freebsd-security@freebsd.org>; Mon, 30 Nov 1998 16:29:58 -0800 (PST)
          (envelope-from opsys@open-systems.net)
Received: (qmail 11322 invoked by alias); 1 Dec 1998 00:29:45 -0000
Delivered-To: fixup-freebsd-security@freebsd.org@fixme
Received: (qmail 11311 invoked by uid 0); 1 Dec 1998 00:29:43 -0000
Received: from dialupe196.ne.uswest.net (HELO pinkfloyd.open-systems.net) (209.180.99.196)
  by omahpop1.omah.uswest.net with SMTP; 1 Dec 1998 00:29:43 -0000
Date: Mon, 30 Nov 1998 18:29:45 -0600 (CST)
From: "Open Systems Inc." <opsys@open-systems.net>
To: freebsd-security@FreeBSD.ORG
Subject: chflags sappnd and secure level 3 question...
Message-ID: <Pine.BSF.3.96.981130182802.17477A-100000@pinkfloyd.open-systems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Ok apparently I dont quite grawk what the problem is here.
I have a firewall box running secure level 3.
With ALL the log files in /var/log/* set with sappnd.
But newsyslog keeps spitting out:

From: root (Cron Daemon)
To: root
Subject: Cron <root@pm330> /usr/sbin/newsyslog
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Status: RO

newsyslog: can't start new log: Operation not permitted

I thought sappnd would allow root to append files. Do I have that part
right?

newsyslog cant rotate the logs. Does the /var/log dir need to be set
sappnd itself?

I guess ill go try that.

Thanks,
Chris

"If you aim the gun at your foot and pull the trigger, it's UNIX's job to 
ensure reliable delivery of the bullet to where you aimed the gun (in
this case, Mr. Foot)." -- Terry Lambert, FreeBSD-Hackers mailing list.

===================================| Open Systems FreeBSD Consulting.
  FreeBSD 2.2.7 is available now!  | Phone: 402-573-9124
-----------------------------------| 3335 N. 103 Plaza #14, Omaha, NE 68134
   FreeBSD: The power to serve!    | E-Mail: opsys@open-systems.net
      http://www.freebsd.org       | Consulting, Network Engineering, Security
===================================| http://open-systems.net

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzPemUsAAAEH/06iF0BU8pMtdLJrxp/lLk3vg9QJCHajsd25gYtR8X1Px1Te
gWU0C4EwMh4seDIgK9bzFmjjlZOEgS9zEgia28xDgeluQjuuMyUFJ58MzRlC2ONC
foYIZsFyIqdjEOCBdfhH5bmgB5/+L5bjDK6lNdqD8OAhtC4Xnc1UxAKq3oUgVD/Z
d5UJXU2xm+f08WwGZIUcbGcaonRC/6Z/5o8YpLVBpcFeLtKW5WwGhEMxl9WDZ3Kb
NZH6bx15WiB2Q/gZQib3ZXhe1xEgRP+p6BnvF364I/To9kMduHpJKU97PH3dU7Mv
CXk2NG3rtOgLTEwLyvtBPqLnbx35E0JnZc0k5YkABRO0JU9wZW4gU3lzdGVtcyA8
b3BzeXNAb3Blbi1zeXN0ZW1zLm5ldD4=
=BBjp
-----END PGP PUBLIC KEY BLOCK-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message