From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1238
Path: news.gmane.org!not-for-mail
From: Laurent Bercot <ska-supervision@skarnet.org>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: svlogd and umask settings
Date: Sat, 16 Sep 2006 11:51:09 +0200
Message-ID: <20060916095109.GA24837@skarnet.org>
References: <20060830220325.GK25489@annvix.org> <20060901174940.GY25489@annvix.org> <20060915144744.18045.qmail@3430f19bcf16f5.315fe32.mid.smarden.org> <20060915152226.GI18873@annvix.org>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1158400259 17528 80.91.229.2 (16 Sep 2006 09:50:59 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Sat, 16 Sep 2006 09:50:59 +0000 (UTC)
Original-X-From: supervision-return-1474-gcsg-supervision=m.gmane.org@list.skarnet.org Sat Sep 16 11:50:54 2006
Return-path: <supervision-return-1474-gcsg-supervision=m.gmane.org@list.skarnet.org>
Envelope-to: gcsg-supervision@gmane.org
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by ciao.gmane.org with smtp (Exim 4.43)
	id 1GOWp0-00032L-Ba
	for gcsg-supervision@gmane.org; Sat, 16 Sep 2006 11:50:50 +0200
Original-Received: (qmail 25220 invoked by uid 76); 16 Sep 2006 09:51:09 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 25210 invoked by uid 1000); 16 Sep 2006 09:51:09 -0000
Mail-Followup-To: supervision@list.skarnet.org
Original-To: supervision@list.skarnet.org
Content-Disposition: inline
In-Reply-To: <20060915152226.GI18873@annvix.org>
User-Agent: Mutt/1.4i
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1238
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/1238>

> and I'm aiming to protect dumb admins from themselves.

 I don't want to start a discussion here, or sound patronizing, but
might I suggest you're on a wild goose chase ? ;)
 Unix wasn't made to protect dumb admins from themselves. It was made
to be used by people who know what they're doing. (And that's the
reason why there are so many Unix problems and misconfigurations.)

 I have found so far that the most efficient way to write software that
aims to ensure proper working and security of a Unix system is to set
clear boundaries and document them: point A is the software's
responsibility, point B is *your* responsibility as the admin and you
should make sure it works before running the software.

 Anyway. Enough ranting.

-- 
 Laurent