[comp.unix.xenix] Disallow rm'ing your own open file

milan@gpu.utcs.utoronto.ca (Milan Strnad) (02/18/90)

I am trying to put some controls on the "root" account (don't even ask why).
Currently I have all of root's activity (key strokes, etc.) getting logged
in a log file.  Unfortunately, this does not prevent the root user from "rm"ing
the log file, but it does prevent him from modifying it.  File locking does
not seem to work in this instance.  How can I better ensure the log file
maintains its integrity?  I'm using SCO Xenix 2.3.2 on a Compaq 386.

daveb@i88.isc.com (Dave Burton) (02/20/90)

In article <1990Feb17.190606.22454@gpu.utcs.utoronto.ca> milan@gpu.utcs.utoronto.ca (Milan Strnad) writes:
|I am trying to put some controls on the "root" account (don't even ask why).
|Currently I have all of root's activity (key strokes, etc.) getting logged
|in a log file.  Unfortunately, this does not prevent the root user from "rm"ing
|the log file, but it does prevent him from modifying it.  File locking does
|not seem to work in this instance.  How can I better ensure the log file
|maintains its integrity?  I'm using SCO Xenix 2.3.2 on a Compaq 386.

You can't. Don't restrict root, restrict access. If you need a semi-privileged
user that can do most, but not all things, create a new notroot account,
change your system's permissions such that access is allowed where needed,
but denied where not. Use the group bits to good advantage.

It is a mistake to try and limit root. It's unrestricted for a reason.
--
Dave Burton
uunet!ism780c!laidbak!daveb
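
The permission layout the reply above points toward, as an added example that is not part of the original thread: for a non-root account, removing a file is a write to its directory, not to the file, so a log can be group-writable while its name cannot be removed by that group. The function names and the `audit/operator.log` path are constructed for illustration; the script reads mode bits only and says nothing about root, which bypasses them.

```shell
#!/bin/sh
# Added example. Reports what a non-root member of a log file's group may do,
# judged from mode bits alone (ACLs and root's override are out of scope).

# First 10 characters of `ls -ld`: type, then owner/group/other rwx triples.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Character N of the mode string for PATH.
mode_char() { mode_of "$1" | cut -c"$2"; }

# Group may write the file's contents if the file's group-write bit is set.
group_can_modify() { [ "$(mode_char "$1" 6)" = "w" ]; }

# Removing a name is a write to the *directory*: needs group w and x on it.
# A sticky directory (t/T in position 10) limits unlink to the file or
# directory owner, so a plain group member is refused there as well.
group_can_unlink() {
    dir=$(dirname "$1")
    [ "$(mode_char "$dir" 6)" = "w" ] || return 1
    case $(mode_char "$dir" 7) in x|s) ;; *) return 1 ;; esac
    case $(mode_char "$dir" 10) in t|T) return 1 ;; esac
    return 0
}

# Print a one-line verdict for a log file.
audit_log() {
    m=no; u=no
    group_can_modify "$1" && m=yes
    group_can_unlink "$1" && u=yes
    echo "modify=$m unlink=$u"
}

# Constructed demo layout: directory closed to group writes, file open to them.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/audit" && : > "$t/audit/operator.log"
    chmod 750 "$t/audit"; chmod 660 "$t/audit/operator.log"
    audit_log "$t/audit/operator.log"      # directory 750, file 660
    chmod 770 "$t/audit"
    audit_log "$t/audit/operator.log"      # directory 770, file 660
    rm -rf "$t"
}
demo
```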