William Hooper wrote:
Björn Persson said:
Wouldn't it be rather difficult to construct a sudoers file so that a user can do anything an administrator might possibly need to do but not in any way manipulate the log?
Sure, remote logging.
Any log on the local machine is suspect, so if it is important set up remote logging.
sudo service network stop, or reboot without networking, or just yank the cable. No more remote logging - and if someone asks you had a perfectly good reason to take the machine offline for a little while. :-)
Björn Persson
