Björn Persson said: > William Hooper wrote: > >> Björn Persson said: >> >>>Wouldn't it be rather difficult to construct a sudoers file so that a >>>user can do anything an administrator might possibly need to do but not >>>in any way manipulate the log? >> >> >> Sure, remote logging. >> >> Any log on the local machine is suspect, so if it is important set up >> remote logging. > > sudo service network stop, or reboot without networking, or just yank > the cable. No more remote logging - and if someone asks you had a > perfectly good reason to take the machine offline for a little while. :-) If the user has physical access or the ability to boot into single user mode it doesn't matter what you are using, because it isn't your machine it is theirs :-) -- William Hooper
