Subject: kern/5458: acct(2) bug accounting to files marked sappnd
To: None <gnats-bugs@gnats.netbsd.org>
From: TheMan <andrew@untraceable.net>
List: netbsd-bugs
Date: 05/17/1998 01:37:12
>Number: 5458
>Category: kern
>Synopsis: acct(2) fails to send accounting to file: EOPNOTSUPP
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat May 16 22:50:00 1998
>Last-Modified:
>Originator: Andrew Brown
>Organization:
>Release: 1.2
>Environment:
i386, NetBSD-1.2
System: NetBSD noc 1.2 NetBSD 1.2 (null) #4: Fri Oct 24 01:27:28 EDT 1997 root@noc:/usr/src/sys/arch/i386/compile/null i386
>Description:
maybe you've changed this...i dunno. the -current man pages don't
seem to indicate it. although maybe they shouldn't? either way, it
is "not supported" to enable accounting to a file that has been marked
append-only. the acct(2) call from accton(8) fails with EOPNOTSUPP.
>How-To-Repeat:
root@noc::ttyp1:/usr/src/usr.sbin/accton# touch /var/account/acct
root@noc::ttyp1:/usr/src/usr.sbin/accton# ll -o /var/account/acct
-rw-r--r-- 1 root wheel - 0 May 17 01:21 /var/account/acct
root@noc::ttyp1:/usr/src/usr.sbin/accton# chmod 600 /var/account/acct
root@noc::ttyp1:/usr/src/usr.sbin/accton# chflags sappnd /var/account/acct
root@noc::ttyp1:/usr/src/usr.sbin/accton# ll -o /var/account/acct
-rw------- 1 root wheel sappnd 0 May 17 01:21 /var/account/acct
root@noc::ttyp1:/usr/src/usr.sbin/accton# accton /var/account/acct.0
accton: Operation not permitted
>Fix:
it seems to me that since accounting records are only being *added* to
the file, it should be perfectly okay to mark the file append-only.
this would make a lot of sense for a secure environment (although
/etc/daily would require a bit of hacking :). so...either change
acct(2) to allow it to "account" to append-only files, or add
EOPNOTSUPP and a description to the acct(2) man page.
>Audit-Trail:
>Unformatted: