draft eventlog registry patch for review
Brian Moran
bmoran at centeris.com
Wed Aug 31 17:18:08 GMT 2005
Jerry wrote:
-----
Actually in this case, accessing the eventlog record
tdbs should be handled by file systenm permissions.
An alternative for readonly access to certain
registry values would be a simple command line tool
that could be executed from a shell. How would that
work for you?
---
Re: File system permissions -- that's what I meant, sorry I wasn't clear. I don't think that any local process that didn't have the appropriate permissions (e.g. a user-level process) would need access to the eventlog TDBs -- I foresee most events coming from daemons that are running with appropriate privilege levels, or have been explicitly granted access to the TDB through the existing file system mechanisms (member of eventlog-writer group for example). As an example, Sendmail (if I remember correctly, it's been a while) tries to run at the minimal privilege level possible; the sendmail-daemon, if it were to grow the ability to write eventlog entries, would have to be granted access to the TDBs.
This is a long-winded way of saying I don't think commandline registry read ops are necessary right now.
More information about the samba-technical
mailing list