[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Whose user/group to monitor log files?

Stephane Bortzmeyer <bortzmeyer@pasteur.fr> writes:

   I have a package that needs to read (just read) log files. I don't want to 
   make it run as root (for security reasons, the less privileges, the better). 
   What user or group can I use?

   The logs files are readable by the 'adm' group. But there is no user in that 
   group by default. I would like to create one just for this purpose (packages 
   are not supposed to create users lightly, Policy 3.2). What about a 'monitor' 
   user, member of the 'adm' group, which could be used by all the packages?

Is there something wrong with making your package setgid adm?

Reply to: