[Logcheck-devel] [patch] logtail recheck permissions of offset files
maks attems
debian at sternwelten.at
Mon Jul 12 14:53:18 UTC 2004
hi
before checking in that chown fix,
i wanted you to take a look.
tested on my workstation.
basicaly the patch takes care that logtail saves the
offset file with the correct permissions.
when playing around lately with file tampering
and those invoking logcheck as root.
i got similar output to #253998
Alfie may point out that i should not invoke logcheck
as root, but i better fix that before users complain.
patch shameless copied from perlfunc(1)
a++ maks
ps if you know a better solution of dropping root
privileges right from the start like
if [ $UID = 0 ]; then become logcheck.
i'd like to hear it.
Index: src/logtail
===================================================================
RCS file: /cvsroot/logcheck/logcheck/src/logtail,v
retrieving revision 1.7
diff -u -r1.7 logtail
--- src/logtail 10 Jun 2004 09:34:05 -0000 1.7
+++ src/logtail 10 Jul 2004 14:48:23 -0000
@@ -24,6 +24,7 @@
my ($size);
use Getopt::Std;
my %opts = ();
+my $user = 'logcheck';
# process args and switches
@@ -100,5 +101,11 @@
}
print OFFSET "$ino\n$size\n";
close OFFSET;
+
+ # make shure if invoked as root that file remains readable for cronjob
+ my ($login,$pass,$uid,$gid) = getpwnam($user)
+ or print "$user not in passwd file" and exit 73;
+ chown $uid, $gid, $offsetfile;
+
}
exit 0;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040712/64b21a4d/attachment.pgp
More information about the Logcheck-devel
mailing list