> If someone executes this program repeatedly > of from a loop, syslog would become too large. > Is something wrong? Can access to syslog > be restrcted? Good question. I can't see any ways to limit the rate at which a given user can send messages, and the sysklogd man page lists this as a flaw in the current implementation. This is somewhat worrying.
On the other hand, you can quite easily prevent certain users from logging any messages at all, if you only log messages from the local machine. syslogd listens on a Unix socket, usually /dev/log, for incoming messages, and if a user doesn't have write permission on that socket, they can't put anything in the syslog. So, what I would do is this: 1) Create a new group called logging 2) Place all of the users and services which need to make entries in the syslog in this group 3) chgrp logging /dev/log 4) chmod o-rw /dev/log Of course, this doesn't help if you use network logging as well. The easiest way of restricting this is probably using the kernel packet filters. Steven Smith, [EMAIL PROTECTED]
msg01027/pgp00000.pgp
Description: PGP signature
