On Sun, Feb 11, 2001 at 07:48:49PM +0100, wojtek@wojtek.from.pl wrote:
> > So create yourself a syslog group, change the permissions on /var/log,
> > and put all the appropriate users (root, www, named, uucp, ...) into the 
> > group.
> already done :)
> > As I said, tedious work, and doesn't necessarily solve the problem. If a
> > local user wants to cause a denial of service against your machine
> > there are *many* ways in which they can do it.
> 
> what if he have quotas on disk and CPU and process count???

As I said, there are many ways of causing a local DoS, and it can be
extremely non-trivial to tighten up a general-user UNIX box to prevent
it.

As someone who spent a few years running large multi-user UNIX boxes
for a large Computer Science department (with students who always find
ways to avoid doing assignments), it is not an easy task to make a
UNIX box resilient to various denial of service attacks by hostile local
users.