Re: securely access to application logs

kona_iron_at_yahoo.fr
Date: 02/15/05

  • Next message: Dave Hinz: "Re: LOCAL NYC - UNIGROUP 17-FEB-2005 (Thurs): ZOPE - Open Source Web Development"
    Date: 15 Feb 2005 13:28:54 -0800
    
    

    Thank you Michael.
    Some of our Solaris servers were not prepared for "guest" users. A
    lot of applications were installed with "other" access rights. We cannot
    remove these access rights so easily without being sure that there is no
    impact.
    So in the meantime I am also thinking of using SUDO. But I'm not sure that
    SUDO can solve my problem, because of some files that are too "open"
    ("other" access).
    And a restricted shell cannot prevent access to a file if I know its path,
    right?
    Regards.

    Michael Vilain wrote:
    > In article <1108422851.143107.293540@z14g2000cwz.googlegroups.com>,
    > kona_iron@yahoo.fr wrote:
    >
    > > Hello,
    > > We have a lot of Solaris servers, each with multiple applications that
    > > generate application logs.
    > > Some application logs have to be read by "non privilege" users.
    > > We cannot give direct access to these logs. So the idea is to have a
    > > log server.
    > > These applications do not use syslog. So it is not easy to export these
    > > logs to another server.
    > > What do you suggest?
    > > We need a solution as secure as possible. So no NFS or Samba.
    > >
    > > Thanks a lot for any advice
    >
    > Set up sudo to use a paginator that doesn't allow shelling out. Build
    > "less" to not allow a shell and create scripts that provide a listing of
    > the log files. Use sudo to allow non-priv users to access them.
    >
    > This requires that they log in to a non-privileged account running a
    > restricted shell and use a UNIX command line. If they are grown up enough
    > to require access to log files, they can deal with a command line.
    >
    > --
    > DeeDee, don't press that button! DeeDee! NO! Dee...
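
The sudo-plus-pager approach suggested in the quoted reply, sketched as an added example that is not part of either post. It uses the `LESSSECURE` runtime setting of `less` instead of a rebuilt binary; the script name `viewlog`, the `logreaders` group, the `applog` account and the `/var/applogs` directory are assumptions.

```shell
#!/bin/bash
# viewlog: hypothetical wrapper, intended as the only command granted via sudo.
# Constructed sudoers entry (group, account and path are placeholders):
#   %logreaders ALL=(applog) /usr/local/bin/viewlog
LOG_DIR="${LOG_DIR:-/var/applogs}"   # assumed location of the application logs

# Print the full path for a bare log name; return 1 for anything else.
resolve_log() {
    name=$1
    case $name in
        ''|.*|*/*) return 1 ;;           # empty, dot-names, any path component
        *[!A-Za-z0-9._-]*) return 1 ;;   # outside a conservative character set
    esac
    path="$LOG_DIR/$name"
    # Regular files only: a symlink could point outside LOG_DIR.
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    printf '%s\n' "$path"
}

# List the names a user may ask for.
list_logs() {
    for f in "$LOG_DIR"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] && basename "$f"
    done
    return 0
}

# Page one log with less in secure mode.
view_log() {
    path=$(resolve_log "$1") || {
        echo "viewlog: not an allowed log name" >&2
        return 1
    }
    # LESSSECURE=1 turns off less's shell escape (!), editor (v),
    # pipe (|) and examine-file (:e) commands.
    LESSSECURE=1 LESS= LESSOPEN= LESSCLOSE= less -- "$path"
}

case ${1:-} in
    '') list_logs ;;      # no argument: show what is available
    *)  view_log "$1" ;;
esac
```

The wrapper constrains only what is reached through it: the log files still have to be readable by the `applog` account and not by "other" for the restriction to mean anything.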

