> > I allow read-access to all of /var/log. However, I also allow read > > access to /etc/shadow: > > > > /usr/bin/tail /var/log/../../etc/shadow > > > > does work. How can I best restrict that? I've tried > > > /usr/bin/tail/[^.]*
/usr/bin/tail /var/log/[^.]* will prevent sudo tail /var/log/../../etc/shadow but not sudo tail /var/log/apache/../../../etc/shadow :-( I have no better idea. Stony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]