Steve Grubb wrote:
> On Wednesday 13 December 2006 11:00, Karl MacMillan wrote:
>
>>Is there a reason that the audit tools that take a file name parameter
>>(-if) are not executable by non-root users?
>
>
> Current tools do not.
>
> [root src]# grep getuid *.c
> auditctl.c: if (getuid() != 0) {
> auditctl.c: if (getuid() != 0) {
>
> Must be root to send netlink
>
> auditd.c: if (getuid() != 0) {
>
> Must be root to read netlink
>
> autrace.c: if (getuid() != 0) {
>
> Must be root to write to netlink.

I think Karl is talking about the mode bits. The audit tools
are 750, owned by root,root, on my system, so not executable
by non-root users.
-- ljk