[KLUG Members] Allowing users to write to log file

Adam Tauno Williams members@kalamazoolinux.org
Tue, 23 Oct 2001 15:43:39 -0400 (EDT)


>>I am writing a shell script that will indirectly append a user's output
>>to a read only log file.  I don't want the log file to be writable by
>>the user.
>>To approach this problem I wrote the user script and passed the output
>>to a script owned by root that will append to the log file.  The log
>>file is not writable by the user.  This process failed perhaps because
>>the user can't force the root file to give root privileges on other
>>files.  I changed the root file permissions to -rwsr-xr-x but with no
>>success.  Is there a way to allow a user to execute the root file so the
>>user read only file can be appended?
>1)  You cannot make a SUID shell script in Linux, and you don't want
>to!!! There are major security holes that can be exploited no matter how
>well you write the script.  You'd be giving your users total root
>access.
>I did something similar this way:
>I wrote a small C program to write to the log file.
>As a security precaution, I made the C program SUID to
>a dummy user, NOT ROOT!  So I have the same permissions
>as -rwsr-xr-x  but the script is owned by "fred" not root.
>And the log file is also owned by user "fred"  -rw-------
>Then you can call the C program from a shell script or
>wherever you like.

Sheesh, what do I do these presentations for..... :)

http://www.kalamazoolinux.org/presentations/20000829/img14.htm

The "logger" facility lets an arbitrary process send messages via the syslog
facility system.  Then the admin can tune what messages go where and your
script/program can worry about other things than managing the log.

It is probably pretty much the same thing as Bruce's C program.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW
Grand Rapids, MI. 49505