I am writing a Python script that needs to make a log entry whenever it's invoked. The log created by the script must not be changeable by the user (except root) who invoked the script. I tried the syslog module and while this does exactly what I want in terms of file permissions, I need to be able to put the resulting log file in an arbitrary location. How would I go about doing this?

A: 

Run your script with setuid root.

compie
Having a script setuid root just to make a log entry is definitely NOT a good idea.
mgv
I believe this got me started in the right direction. As I understand it, creating a C wrapper binary for the script and then setuid root on it is more secure, right?
Travis
never. ever. setuid scripts.
hop
+1  A: 

I see you are on Linux.

Depending on which filesystem you are using, you may be able to use the chattr command. You can make files that are append-only by setting the a attribute.

gnibbler
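
The append-only approach from the answer above, sketched in Python as an added example (not part of the original posts). It assumes root has already created the log file and run chattr +a on it; the log path and function names are hypothetical, and the ioctl number is computed for the generic Linux ioctl layout (x86, ARM).

```python
import fcntl
import os
import struct
import time

FS_APPEND_FL = 0x00000020  # the 'a' attribute, from <linux/fs.h>
# FS_IOC_GETFLAGS = _IOR('f', 1, long). Assumption: generic Linux ioctl
# encoding (x86, ARM); MIPS, PowerPC and SPARC encode the direction bits differently.
FS_IOC_GETFLAGS = (2 << 30) | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1


def is_append_only(path):
    """Return True/False for the 'a' attribute, or None if it cannot be read."""
    try:
        fd = os.open(path, os.O_RDONLY)
    except OSError:
        return None  # missing file or no read permission
    try:
        buf = bytearray(struct.calcsize("l"))
        fcntl.ioctl(fd, FS_IOC_GETFLAGS, buf)
    except OSError:
        return None  # filesystem does not expose attribute flags
    finally:
        os.close(fd)
    # The kernel stores the flags as an int at the start of the buffer.
    return bool(struct.unpack_from("i", buf)[0] & FS_APPEND_FL)


def log_invocation(path, message):
    """Append one line to an existing log file and return the line written.

    O_APPEND is required: on a +a file, opening for write without it fails
    with EPERM. No O_CREAT, so a missing log is an error rather than a new
    file owned by the invoking user.
    """
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    line = "%s uid=%d %s\n" % (stamp, os.getuid(), message)
    fd = os.open(path, os.O_WRONLY | os.O_APPEND)
    try:
        os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)
    return line


if __name__ == "__main__":
    LOG = "/var/log/myscript/invocations.log"  # hypothetical path
    if is_append_only(LOG) is not True:
        raise SystemExit("refusing to run: %s is not append-only" % LOG)
    log_invocation(LOG, "script invoked")
```

The attribute stops the invoking user from truncating, overwriting or deleting the file, and only root (CAP_LINUX_IMMUTABLE) can clear it. The user can still append lines of their own, so the entries themselves are not authenticated.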