logrotate security

linux logrotate

Solution 1:

As long as the user can write and create files in the directory with your log files, you can use another user. However, if your logrotate config is editable only by root, then I don't see much risk there. If someone can subvert that they can gain root and can cause far more harm than just messing up with log files, so the concerns, while certainly exist, do not really justify customizing a standard app such as logrotate.

Solution 2:

If the logrotate config is writable only by root, you shouldn't have any problems with people changing it to overwrite random files. If you wanted to run it as another user, you'd have to ensure that user had access to change all the log files you want rotated, which will add complexity with very little return.

Related

Access AWS EC2 MySQL instance remotely - Best practice
IIS Connection String not being inherited
Preventing email blasts with Exchange 2010 IP Throttling (or any other technology)
Insufficient access when trying to set machine OS attributes when joining Linux server to Active Directory
Improve RSYNC scan speed / Alternate approach?
SQL Server 2008 Copy Database Wizard: Fail
What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?
Linux as a gateway (no NAT)
Small business VPN solution [closed]
Nginx Load Balance / Proxy to Upstream with Path / Rewrite
ELB health checks for freshly launched EC2 instances not working
Configuring IIS 7.5 to be FIPS 140.2 compliant