Re: Whose user/group to monitor log files?
Stephane Bortzmeyer <firstname.lastname@example.org> writes:
I have a package that needs to read (just read) log files. I don't want to
make it run as root (for security reasons, the less privileges, the better).
What user or group can I use?
The logs files are readable by the 'adm' group. But there is no user in that
group by default. I would like to create one just for this purpose (packages
are not supposed to create users lightly, Policy 3.2). What about a 'monitor'
user, member of the 'adm' group, which could be used by all the packages?
Is there something wrong with making your package setgid adm?