
Re: plog



On Thu, Jan 14, 1999 at 10:08:15PM +0000, ktb wrote:
> Ben Collins wrote:
> 
> > On Thu, Jan 14, 1999 at 08:32:47PM -0700, Robert Kerr wrote:
> > > When I type plog I get this:
> > >
> > > tail: /var/log/ppp.log: Permission denied
> > >
> > > the attributes for ppp.log are
> > > -rw-r-----   1 root     adm          8305 Jan 14 20:38 /var/log/ppp.log
> > >
> > > What can I do to change this?
> >
> > You have to run plog as root. The reason that ppp.log isn't world
> > readable is that your ppp password is more than likely in the log file.
> 
> Hmmmm, my ppp.log file shows the same:
> 
> ~$ ls -l /var/log/ppp.log
> -rw-r-----   1 root     adm        848182 Jan 14 16:04 /var/log/ppp.log
> 
> 
> And as a regular user gives me this:
> 
> ~$ plog
> --lots of successful looking output---
> 
> I looked at the file /var/log/ppp.log itself as a regular user using "cat" and
> found my password there.  So if I don't have to use plog as root do I have a security
> problem?  I'm confused.
> Thanks,
> Kent

How 'bout this:  While only root can write to the log, in both cases it's readable by 
anyone in the "adm" group.  So if the output of the command "groups user" includes adm, 
then that user can read the plog (and a bunch of other things, too) but not write to them.

"adduser user group" will add user to group and give him all of the rights and privileges (sp?)
he is thereto entitled.

As for removing a user from a group, I don't remember off the top of my head and couldn't
find the command in two minutes or less.  Anybody?

Rob

-- 
If a train station is a place where a train stops, what's a workstation?
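
The read check discussed in this thread, as an added example that is not part of the original messages: it evaluates a mode string such as the `-rw-r-----` quoted above against a user's groups and lists who can read the file. The users `alice` and `bob`, their group memberships, and the function names are constructed for illustration; ACLs and capabilities are ignored, and the account named `root` is assumed to be uid 0.

```shell
#!/bin/sh
# Added example. Decides read access the way the kernel does for a plain
# mode string such as the "-rw-r-----" shown by ls -l in this thread.

# can_read MODE OWNER GROUP USER "USER_GROUPS"  -> exit 0 if USER may read
can_read() {
    cr_mode=$1; cr_owner=$2; cr_group=$3; cr_user=$4; cr_groups=$5
    # root (assumed uid 0) bypasses the read bits entirely.
    if [ "$cr_user" = "root" ]; then return 0; fi
    # Characters 2, 5 and 8 of the mode string are the owner/group/other r bits.
    cr_bit=$(printf '%s' "$cr_mode" | cut -c8)              # default: "other"
    if [ "$cr_user" = "$cr_owner" ]; then
        # Exactly one class applies: an owner never falls through to group.
        cr_bit=$(printf '%s' "$cr_mode" | cut -c2)
    else
        for cr_g in $cr_groups; do
            if [ "$cr_g" = "$cr_group" ]; then
                cr_bit=$(printf '%s' "$cr_mode" | cut -c5)  # group class
            fi
        done
    fi
    if [ "$cr_bit" = "r" ]; then return 0; else return 1; fi
}

# list_readers MODE OWNER GROUP  (stdin: one "user:group1 group2" per line)
list_readers() {
    while IFS=: read -r lr_user lr_groups; do
        if can_read "$1" "$2" "$3" "$lr_user" "$lr_groups"; then
            printf '%s\n' "$lr_user"
        fi
    done
}

# Constructed membership table: alice is in adm, bob is not.
sample_members() {
    printf '%s\n' 'root:root' 'alice:alice adm' 'bob:bob dialout'
}

# Who can read a root:adm file with mode -rw-r-----?
sample_members | list_readers '-rw-r-----' root adm
```

Anyone this reports for /var/log/ppp.log can read whatever password the log contains, so membership in `adm` is the thing to audit.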

