Hi Janus! I've played with LIDS some time ago. As far as I know, you could simply allow the /usr/sbin/logrotate program to write to the specified log directories and make the executable itself write-protected (at least all the "sbin"-programs should be so, right?) so that it can't be modified.
Hope that this helps.
Regards,
Martin Neuhaeusser
On Tue, Sep 03, 2002 at 10:43:05AM +0200, Janus N. T?ndering wrote:
> Dear Sirs,
>
> I've installed a LIDS kernel (www.lids.org) on my Debian Woody box. I
> think I have figured out most ACLs but I cannot make the daily/weekly
> cron jobs work properly (those that rotate logs etc).
>
> Does someone have any experience regarding this matter?
>
> Regards,
> Janus
> --
> Janus N?rgaard T?ndering
> email: [EMAIL PROTECTED], [EMAIL PROTECTED] or [EMAIL PROTECTED]
>
> "Would you buy a car with the hood welded shut?"
> -Phil Hughes, Linux Journal Magazine
>
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
--
\ /
---==( o )==---
PGP encrypted messages preferred. Public-Key at:
http://sawfish.weh.rwth-aachen.de/~martin/index.html
pgpkpAVuoev1U.pgp
Description: PGP signature
