Date: 21 May 2003 11:06:50 -0400 From: Dan Pelleg <daniel+bsd@pelleg.org> To: Steven Haywood <steven@natural.keybaud.org> Cc: questions@freebsd.org Subject: Re: File system accounting Message-ID: <u2sr86sxrsl.fsf@gs166.sp.cs.cmu.edu> In-Reply-To: <20030521134956.GA13890@keybaud.org> References: <20030521134956.GA13890@keybaud.org>
next in thread | previous in thread | raw e-mail | index | archive | help
steven@natural.keybaud.org (Steven Haywood) writes: > Hiya > > Is there any way I can keep a track of which users modify certain files? (I have allowed a couple of people access to some of my MRTG config files, I'd like to be able to point a finger if one of them breaks something...) > > Thanks > Steven I'm assuming you already looked at accton and decided against it. You can possibly use sudo (in the ports). Change the permissions on the files so only one special user could change them. Configure the sudoers file to allow people from this group to run specific commands as that user to manipulate the file and to log every time it grants access in this way. The tricky part is coming up with the right set of commands. Obviously if you let them run a shell as that user then they can mess it up in lots of ways (like redirecting to it). All you'll have then is the time in which they last got a shell - if you're lucky that will be enough. But to be safe you'll want sudo to just let them use something like perl -i and an editor (and make sure the editor doesn't let them break into a shell!). -- Dan Pelleg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?u2sr86sxrsl.fsf>