On Sat, 29 Dec 2007 12:40:47 PST, dean gaudet said: > > See, this is where you show that you don't understand the system. I'll > > explain it, just once. /var/home contains home directories. /var/log and > > /var/home are on the same filesystem. So /var/log/* can be linked to > > /var/home/malicious, and that's just one of your basic misunderstandings. > > yes you are on crack. > > i told you i understand this exactly. it's right there in the message > sent.
So... You understand that if /var/home and /var/log are on one file system, you can hard-link, and you set your system up knowing that, and then you're *surprised* that: > the main worry i have is some user maliciously hardlinks everything > under /var/log somewhere else and slowly fills up the file system with > old rotated logs. "Doctor, it hurts when I do this.." "Well, don't do that then". I think the first time I saw the recommendation "Put /home on its own filesystem and don't give users directly writable directories on /var (except via set-uid helpers) so they can't play hardlink games" back in 1983 or so. I know that when SunOS 3.1 came out, that was already well-understood basic sysadmining. Sometimes, there's actual good reasons behind 20-year-old voodoo.. ;) You sure you don't want to redesign your filesystem layout so you don't have to worry about your malicious users hardlinking stuff? Might be a lot easier than trying to get the kernel to do what you want in this case....
pgpPidVpWmhml.pgp
Description: PGP signature