hasn't anyone else ever typed in the password into the username prompt? The logs would read something like "failed login for abc124". That's reason enough for me to not allow everyone on the system to look at logs without justification.<br>
<br>brian<br><br><div class="gmail_quote">2008/4/8 Michael H. Warfield <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>>:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
On Tue, 2008-04-08 at 14:24 -0400, Jeff Lightner wrote:<br>
> /var/log/messages is currently only read/write for root with no<br>
> permissions for anyone else.<br>
<br>
> Other than "none of their business" can anyone tell me any reason not<br>
> to allow DBAs the ability to read the file (i.e. change it to be read<br>
> for group and other)?<br>
<br>
</div> There can, occasionally, be sensitive information in there. Just make<br>
sure nothing "security" related is being routed into that file and you<br>
may be OK. Every once in a while the security level will have sensitive<br>
passwords when someone enters a password into a user id field.<br>
<br>
I wouldn't open it up to just anyone poking, however. Principle of<br>
minimums. Minimum privs and minimum access. If the DBA's need it,<br>
change to group to a specific group, give it read access and add it to<br>
their accounts as a secondary group. Don't just a+r it.<br>
<br>
Mike<br>
<font color="#888888"><br>
--<br>
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com<br>
/\/\|=mhw=|\/\/ | (678) 463-0932 | <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
NIC whois: MHW9 | An optimist believes we live in the best of all<br>
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!<br>
<br>
</font><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
<br></blockquote></div><br>