I’ve been googling around a while about how to get this thing done, but still nothing sufficient.
When a new domain is created, owner of the ‘logs’ directory is set to be the domain admin user. Even though the logfiles themselves are owned by the root user, the domain admin is able to delete them (beause of the directory ownership). I don’t want to log the same messages to two different locations for keeping the evidence so I need to ensure, that when a new domain is created, privileges of the logs directory will be set so the domain admin cannot delete logs. Yes, it is possible to do it manually, but that’s not the way I want it. Has anyone had the same problem?
Thanks