David Nicol wrote:
I've written a Perl program to parse my /var/log/messages file and place certain data into a mySQL database.
I agree, any script that I write the performs a system function and is not part of the provisioning system usually goes in /root/bin
Seriously, the more secure approach as I understand it is to create a special-purpose user and have the process run by that user. For clarity's sake, the script would then live somewhere like
/home/Logcooker/bin(I capitalize fake users, to avoid confusion in case I have to give a user account on this machine to someone strongly identified with their hobby as an amateur paper miller.)
Well, this would be more secure, provided you have a specially crafted sudoer's file for that "Logcooker" user so that they may access the logs, although after some period of creating maintenance scripts the sudo file will start to get very very large and complicated, leaving you with a user that has nearly the same as root privileges
-Scott Oertel