File system accounting

Dan Pelleg daniel+bsd at pelleg.org
Wed May 21 08:06:59 PDT 2003


steven at natural.keybaud.org (Steven Haywood) writes:

> Hiya
> 
> Is there any way I can keep a track of which users modify certain files? (I have allowed a couple of people access to some of my MRTG config files, I'd like to be able to point a finger if one of them breaks something...)
> 
> Thanks
> Steven

I'm assuming you already looked at accton and decided against it.

You can possibly use sudo (in the ports). Change the permissions on the
files so only one special user could change them. Configure the sudoers
file to allow people from this group to run specific commands as that user
to manipulate the file and to log every time it grants access in this way.

The tricky part is coming up with the right set of commands. Obviously if
you let them run a shell as that user then they can mess it up in lots of
ways (like redirecting to it). All you'll have then is the time in which
they last got a shell - if you're lucky that will be enough. But to be safe
you'll want sudo to just let them use something like perl -i and an editor
(and make sure the editor doesn't let them break into a shell!).

-- 

  Dan Pelleg
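
A sudoers fragment sketching the setup described in the reply above, as an added example that is not part of the original message. The account `mrtgcfg`, the group `mrtgedit`, the file paths, and the choice of `sudoedit` and the `logfile` option (neither is named in the message) are assumptions.

```sudoers
# Added example. Edit with visudo so a syntax error cannot lock sudo.
# Assumed names: owner account "mrtgcfg", editors' group "mrtgedit",
# config file /usr/local/etc/mrtg/mrtg.cfg. Substitute your own.
#
# Prerequisite, done once as root so only mrtgcfg can write the file:
#   chown mrtgcfg /usr/local/etc/mrtg/mrtg.cfg
#   chmod 644     /usr/local/etc/mrtg/mrtg.cfg

# Log every grant and denial (user, tty, cwd, run-as user, command)
# to a dedicated file in addition to the default syslog entry.
Defaults logfile=/var/log/sudo.log

# Too broad: a shell as mrtgcfg. The log records only that a shell
# was started, not what was done to the file from inside it.
# %mrtgedit ALL = (mrtgcfg) /bin/sh

# Still too broad: an ordinary editor run as mrtgcfg. vi's :! and
# :shell commands start a shell as mrtgcfg, and :e or :w can reach
# any other file that account is able to write.
# %mrtgedit ALL = (mrtgcfg) /usr/bin/vi /usr/local/etc/mrtg/mrtg.cfg

# Partial fix: NOEXEC stops a dynamically linked editor from running
# further programs, but it can still open and write other files.
# %mrtgedit ALL = (mrtgcfg) NOEXEC: /usr/bin/vi /usr/local/etc/mrtg/mrtg.cfg

# Narrowest: sudoedit copies the file to a temporary, runs the editor
# as the invoking user (so a shell escape gains nothing), then writes
# the result back as mrtgcfg. Only this one path is permitted.
%mrtgedit ALL = (mrtgcfg) sudoedit /usr/local/etc/mrtg/mrtg.cfg
```

Members of the group then run `sudoedit -u mrtgcfg /usr/local/etc/mrtg/mrtg.cfg`, and each invocation leaves a log line naming the invoking user and the time.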


More information about the freebsd-questions mailing list