From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: Proof of concept patch, add dropping privileges to a non root user
Date: Tue, 20 Oct 2009 12:34:33 -0400
Message-ID: <200910201234.34030.sgrubb@redhat.com>
References: <4ADDC422.3000108@geomatys.fr>
In-Reply-To: <4ADDC422.3000108@geomatys.fr>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tuesday 20 October 2009 10:07:30 am corentin.labbe wrote:
> This is a patch that adds a -u parameter to auditd.

That would perhaps change a bunch of things in auditd file permissions.

> This parameter permits auditd to drop to an unprivileged UID after
> initialization.

Have you checked to see if these things still work:

* service auditd rotate, and do you get a DAEMON_ROTATE record filled in?
* service auditd reload, and do you get a DAEMON_RECONFIG record filled in?
* service auditd stop, and do you get a DAEMON_END record filled in?
* If you increase the priority in auditd.conf and run service auditd reload, does it work?
* Does space_left_action still work for email, single, and halt options?
* Can you still change tcp_listen_port to another privileged port and service auditd reload?
* What about the Kerberos options?

Just curious if these scenarios were checked. :)

-Steve