Subject: Re: newsyslog
To: None <email@example.com>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 07/13/2000 15:51:50

[ On Thursday, July 13, 2000 at 15:48:33 (+0100), Andy Doran wrote: ]
> Subject: Re: newsyslog
> [/var/run, /var/spool/lock]
> To accomplish this newsyslog(8) becomes suid root, with the euid being set
> to ruid when the elevated privs are not needed...

Whatever gives you that idea?!?!?!? NEVER make it setuid to root!!!!
It *might* need to be made set-GROUP-id to 'daemon' and /var/spool/lock
then needs to be made group-writable of course, but that's the very very

Though I do see on the one UUCP and dial-out machine I have that I had
to change /var/spool/lock to group "dialer" and make it group writable
so that modems could be properly shared.

In theory making /var/spool/lock world-writable with the sticky bit
should be sufficient for all but the most paranoid situations.... The
more paranoid folks could create a separate lock directory with a unique
group ownership which all authorised newsyslog users would be members of
and of course in order to succeed in creating the lock they'd have to
specify a writable directory on the command-line....

Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <robohack!woods>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>
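
The lock-directory permission schemes discussed in this message (group-writable, world-writable with the sticky bit, or a separate directory named by the caller), as an added C example that is not part of the original message or of newsyslog. The helper names `lockdir_classify` and `lock_acquire`, the lock name `LCK..demo` and the scratch path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* lstat, S_ISVTX, mkdtemp, dprintf */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum lockdir_policy { LOCKDIR_UNSAFE = -1, LOCKDIR_PRIVATE, LOCKDIR_GROUP, LOCKDIR_STICKY };
/* Added example (hypothetical helper names): classify how a lock directory grants write access. */
enum lockdir_policy lockdir_classify(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return LOCKDIR_UNSAFE;                 /* missing, or a symlink or plain file */
    if (st.st_mode & S_IWOTH)                  /* world-writable is only acceptable with the sticky bit */
        return (st.st_mode & S_ISVTX) ? LOCKDIR_STICKY : LOCKDIR_UNSAFE;
    return (st.st_mode & S_IWGRP) ? LOCKDIR_GROUP : LOCKDIR_PRIVATE;
}

/* Atomically create dir/name holding our PID; returns 0 on success, -1 if unsafe or already locked. */
int lock_acquire(const char *dir, const char *name)
{
    char path[1024];
    int fd, n;
    if (strchr(name, '/') != NULL || lockdir_classify(dir) == LOCKDIR_UNSAFE)
        return -1;                             /* lock name must stay inside the directory */
    n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);  /* O_EXCL: fail if it exists, symlink or not */
    if (fd < 0)
        return -1;
    if (dprintf(fd, "%10ld\n", (long)getpid()) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    char dir[] = "/tmp/lockdemoXXXXXX";        /* constructed scratch directory */
    if (mkdtemp(dir) == NULL || chmod(dir, 01777) != 0)
        return 1;
    int first = lock_acquire(dir, "LCK..demo"), second = lock_acquire(dir, "LCK..demo");
    printf("policy=%d first=%d second=%d\n", lockdir_classify(dir), first, second);
    return 0;
}
```

The directory check and the `open()` are separate path lookups, so the classification is a policy check and not a race-free guarantee. Neither helper needs root: with any of the three schemes the process only needs write permission on the directory it is given.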