Source-Changes archive


Re: CVS commit: basesrc/usr.sbin/user



On Tue, Aug 27, 2002 at 11:19:17PM +1000, matthew green wrote:
>    
>    Log Message:
>    Use syslog(3) to log new users and groups, deletions of users and groups,
>    and modification of user and group information.
>    
>    Syslog priority is LOG_INFO, facility is LOG_USER (there is no need to
>    do this via LOG_AUTH, since the password and group files are world
>    readable).
>    
>    Suggested by Hubert Feyrer, after a similar facility in Linux.
> 
> 
> LOG_USER seems very wrong for this to me (syslog(3)):
> 
>      LOG_USER      Messages generated by random user processes.  This is the
>                    default facility identifier if none is specified.
> 
> this seems more like LOG_AUTH stuff to me.

By default, LOG_AUTH facility goes to /var/log/authlog, and this information

Aug 27 13:26:30 sys1 useradd[1247]: new user added: name=bozo, uid=1004, gid=100, home=/home/bozo, shell=/bin/csh
Aug 27 13:26:46 sys1 userdel[1249]: user removed: name=bozo

is not really the same type as the login, su information which is
logged via LOG_AUTH.  The information logged by user(8) is much more
informational, and, as the same information can be gleaned from
watching /etc/passwd and /etc/group, it is not really necessary to use
LOG_AUTH, since it is less of a security logging intent, and much more
of an informational intent.

FYI, I actually had it as LOG_AUTH and changed it to use LOG_USER,
since it is a much better fit.

Regards,
Alistair
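
One way a log monitor could consume the two messages quoted above, as an added example that is not part of the original message or of user(8). The field layout is assumed from those two sample lines only, the third sample line is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the two log lines quoted in the message (unwrapped),
# plus one constructed unrelated line to show that other traffic is skipped.
SAMPLE_LOG = """\
Aug 27 13:26:30 sys1 useradd[1247]: new user added: name=bozo, uid=1004, gid=100, home=/home/bozo, shell=/bin/csh
Aug 27 13:26:46 sys1 userdel[1249]: user removed: name=bozo
Aug 27 13:27:01 sys1 otherprog[1300]: constructed unrelated line
"""

# Assumed layout: timestamp host program[pid]: action: key=value, key=value
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>useradd|userdel)\[(?P<pid>\d+)\]: "
    r"(?P<action>[^:]+): (?P<fields>.*)$"
)

def parse_account_events(text):
    """Return one dict per useradd/userdel line; all other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = {}
        for pair in m.group("fields").split(", "):
            key, sep, value = pair.partition("=")
            if sep:  # drop fragments that are not key=value
                fields[key.strip()] = value.strip()
        event = m.groupdict()
        event["fields"] = fields
        events.append(event)
    return events

def short_lived_accounts(events):
    """Names that were added and then removed again within the same log."""
    added, flagged = set(), []
    for ev in events:
        name = ev["fields"].get("name")
        if ev["action"] == "new user added" and name:
            added.add(name)
        elif ev["action"] == "user removed" and name in added:
            flagged.append(name)
            added.discard(name)
    return flagged
```
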


