Unix Security Log

Doug Gwyn gwyn at smoke.BRL.MIL
Fri Jan 20 08:42:17 AEST 1989


In article <5081 at homxc.ATT.COM> bgt at homxc.ATT.COM (B.TONGUE) writes:
>Good morning, world, I have a question concerning the monitoring
>of one's account.  Briefly, there is material which is relevant
>to my group contained in my directories, and I'd like to keep
>a log on who 'cd's' into my subdirectories to use it.

The first thing you need to realize is that a chdir to set the
current working directory is not necessary in order for someone
to access the files in that directory.

The next thing to know is that if you set access permissions so
that some group of people is permitted (according to the UNIX rules
for enforcing file permissions) to access the files, they can access
them.  You can tell from the access time recorded in a file's inode
when the last access was made, but not by whom.

The best way to log such access is via a set-UID interface program
that verifies that the invoker is permitted to access the controlled
files and notifies you somehow when the access occurs, combined
with setting the file permissions such that only the UID matching
the set-UID program has access.  We've done this, for example, to
permit SCCS archives to be more carefully protected than usual.
Writing such a program is straightforward, but since there are
security ramifications if you do it wrong, it is best to have an
expert design and implement it.
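
Added example, not part of the original post and not the BRL program it mentions: a gatekeeper of the kind described above, meant to be installed set-UID to the account that owns the controlled files. The directory, log path and UID list are hypothetical placeholders, and the controlled directory is assumed to be mode 0700 so that only that account can reach the files.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define CTRL_DIR "/home/owner/controlled"      /* hypothetical, mode 0700 */
#define LOG_PATH "/home/owner/access.log"      /* hypothetical, mode 0600 */
static const uid_t ALLOWED[] = { 1001, 1002 }; /* constructed sample UIDs */

/* Bare file names only: no '/', no leading '.', nothing that could forge a log line. */
int name_is_safe(const char *n) {
    static const char ok[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                             "abcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t len = n ? strlen(n) : 0;
    return len > 0 && len < 64 && n[0] != '.' && strspn(n, ok) == len;
}

/* The decision uses the real UID (the invoker), never the effective UID. */
int uid_allowed(uid_t ruid) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof *ALLOWED; i++)
        if (ALLOWED[i] == ruid) return 1;
    return 0;
}

/* Append one record per request, granted or denied, as the file owner. */
static void log_access(uid_t ruid, const char *name, int granted) {
    int fd = open(LOG_PATH, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return;
    dprintf(fd, "%ld uid=%ld file=%s %s\n", (long)time(NULL), (long)ruid,
            name, granted ? "GRANTED" : "DENIED");
    close(fd);
}

int main(int argc, char **argv) {
    uid_t ruid = getuid();
    char path[256], buf[4096]; ssize_t n;
    if (argc != 2 || !name_is_safe(argv[1])) return 2;
    int ok = uid_allowed(ruid);
    log_access(ruid, argv[1], ok);
    if (!ok) return 1;
    snprintf(path, sizeof path, "%s/%s", CTRL_DIR, argv[1]);
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    /* Open while privileged, then give up the owner's UID before copying data. */
    if (setreuid(ruid, ruid) != 0 || fd < 0) return 1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        if (write(STDOUT_FILENO, buf, (size_t)n) != n) return 1;
    return n < 0;
}
```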


