PolicyKit auditing - was Fedora 11: moving to posix file capabilities?
Steve Grubb wrote:
Where's the GUI or commandline tool that lets me configure it? I may need
to have auditing of who changed what entry in that file. When I chmod
4755 a program, I know who changed it, what the old and new values are,
when they did it, and what the outcome was.
There's no real story on that other than "uid 0" and $EDITOR yet.
This is basically the same as all the other OS config files.
No...we have a handful of apps that audit changes to trusted databases.
password and adduser are two examples.
Why doesn't someone throw the entire set of config files into a version
control system? With bonus points for permitting it to reside remotely
and contain similar machines as branches. Aside from wanting to know
who changed what and when, the more important issue is usually what was
there last week when it still worked, or how it is different from a
similar machine. And the machine in question may not be working when
you need to know this.
fedora-devel-list mailing list