This repository has been archived by the owner on Jun 13, 2023. It is now read-only.

PSRP logging through OMI needs improvements #100

Open
jeffaco opened this issue Jun 23, 2017 · 0 comments

jeffaco commented Jun 23, 2017

Currently, the PSRP provider through OMI uses OMI's logging capabilities. This is problematic in several ways:

  1. Frequently, it's better to debug PSRP independently from OMI, and
  2. PSRP, running as @requestor@, does not actually have permissions to write to OMI's logging directory.

As a short term hack to get logging running, you can do the following:

  • chmod 777 /var/opt/omi/log
  • Enable debug logging in /etc/opt/omi/conf/omiserver.conf
  • The PSRP server will log to /var/opt/omi/log/ShellServer.log.

This, of course, has the disadvantage that anybody on the system can write freely to /var/opt/omi/log.

A much better logging mechanism is to do what SCX does:

  1. Create a small EXEC program, similar to SCX's tool, to create directory /var/opt/microsoft/psrp/log/<username>, where that directory is owned by the user in question,
  2. Have a separate configuration file that PSRP reads to determine if it should log or not,
  3. Have a logging directory explicitly for PSRP, perhaps in /var/opt/microsoft/psrp/log.
    • If the requester is root, then the log file is created in that directory (no subdirectory is created),
    • If the requester is non-root, use the new directory. Due to omi-preexec having been run, permissions will be set so that user can write the log into that directory.

This would vastly simplify and improve the PSRP provider's logging mechanism.
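
A sketch of steps 1 and 3 of the proposal above, added here as an example and not code from OMI, PSRP or SCX. The function names and the user-name check are assumptions, and the parent log directory is assumed to be writable only by root.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_DIRECTORY, O_NOFOLLOW, fchown */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: pick the log directory for a requester. root logs
 * straight into base; everyone else gets base/<user>. User names that are
 * empty, start with '.' or contain '/' are rejected so they cannot escape base. */
int psrp_log_dir(const char *base, uid_t uid, const char *user,
                 char *out, size_t outlen)
{
    int n;
    if (uid == 0) {
        n = snprintf(out, outlen, "%s", base);
    } else {
        if (user[0] == '\0' || user[0] == '.' || strchr(user, '/') != NULL)
            return -1;
        n = snprintf(out, outlen, "%s/%s", base, user);
    }
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Hypothetical pre-exec step: create dir with mode 0700 and make sure it
 * belongs to uid, instead of opening a shared directory with chmod 777.
 * Returns 0 on success, -1 on error. */
int psrp_prepare_log_dir(const char *dir, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd, rc = -1;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: a symlink planted at dir is refused, not followed. */
    fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Only a privileged caller can hand the directory to the requester. */
    if (geteuid() == 0 && fchown(fd, uid, gid) != 0)
        goto done;
    if (fstat(fd, &st) == 0 && st.st_uid == uid && fchmod(fd, 0700) == 0)
        rc = 0;
done:
    close(fd);
    return rc;
}
```

Working on the opened descriptor (fchown, fstat, fchmod) rather than on the path keeps the ownership and mode changes tied to the directory that was actually checked.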
