Subject: Re: newsyslog and script execution instead of sending signal to process
To: NetBSD-current Users's Discussion List <current-users@netbsd.org>
From: Brett Lymn <blymn@baesystems.com.au>
List: current-users
Date: 07/16/2007 16:55:34
On Mon, Jul 16, 2007 at 02:49:29AM -0400, Greg A. Woods wrote:
>
> It's extremely inelegant to have newsyslog invoking other programs,
> never mind opening a whole new can of worms on the security front.
>
There is already this wheel in Solaris called logadm - it allows
pre/post log roll scripts. Having yet another cron job that is just
there to watch a directory and move the logs is rather inelegant in
itself - nevermind the race condition if the log is still in the
process of being rolled when it is moved/compressed. You don't have
to run the scripts as root - you can always su to the correct user
before running the roll script (if that is really necessary).
--
Brett Lymn