On Mon, Oct 03, 2005 at 05:14:44PM -0700, Ranga Nathan wrote:
> I need to scan the /var/log/messages to provide some tracing info through
> a CGI. The catch is /var/log/messages is readable only by root and
> rightfully so. But I do need 'nobody' to be able to scan it.
> I run apache2.
> What is the best way to preserve the security and yet make this happen?
> Thanks

Here are some options, not necessarily recommendations:

1. Change the permissions on the file so it is world readable
2. If #1 is too permissive, change the group owner and put nobody in that group.
3. Modify /etc/syslog.conf so syslog writes to an alternate/additional file that is readable by nobody.
4. Write or find an suid program/daemon/server to provide read access to the log file.
5. Write a cron driven script that will scan the log file and write the results to another file that nobody can read.

And many more in a similar vein.

-Gyepi

_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm
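
Options 2 and 5 from the reply above can be combined. The following is an added example, not part of the original message: a script run from root's crontab copies only one program's lines into a separate file that the web server's group can read, leaving /var/log/messages itself root-only. The tag `myapp`, the paths and the group argument are assumptions for illustration, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to be run from root's crontab.
# Assumed names: tag "myapp", all paths, and the optional group are hypothetical.

# export_log_excerpt SRC DST TAG [GROUP]
# Publish only the lines logged by program TAG, so the CGI user never
# reads the full system log. DST is replaced atomically via rename.
export_log_excerpt() {
    src=$1 dst=$2 tag=$3 group=${4:-}
    tmp=$(mktemp "$dst.XXXXXX") || return 1   # created mode 0600
    # Traditional syslog layout: "Mon DD HH:MM:SS host program[pid]: text".
    # Compare field 5 exactly; grepping the whole line would also match
    # the tag when it merely appears in another program's message text.
    if ! awk -v tag="$tag" '
        { p = $5; sub(/(\[[0-9]+\])?:$/, "", p) }
        p == tag' "$src" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if [ -n "$group" ]; then
        # Readable by one group only (e.g. the group Apache runs as).
        { chgrp "$group" "$tmp" && chmod 0640 "$tmp"; } || { rm -f "$tmp"; return 1; }
    else
        chmod 0644 "$tmp"
    fi
    mv -f "$tmp" "$dst"
}

# Constructed sample input for the demo below.
write_sample_log() {
    cat > "$1" <<'EOF'
Oct  3 17:00:01 web1 myapp[2314]: request 42 served in 120ms
Oct  3 17:00:02 web1 sshd[901]: Failed password for root from 192.0.2.7 port 4022 ssh2
Oct  3 17:00:03 web1 kernel: myapp: tag appears only inside the message
Oct  3 17:00:04 web1 myapp: worker restarted
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_log "$dir/messages"
    export_log_excerpt "$dir/messages" "$dir/excerpt.log" myapp &&
        cat "$dir/excerpt.log"
    rm -rf "$dir"
}
demo
```
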

