
Re: strange (or unexplainable) permissions on /var/log/*



also sprach martin f krafft <madduck@debian.org> [2004.12.12.1713 +0100]:
> also sprach Santiago Vila <sanvila@unex.es> [2004.12.12.1708 +0100]:
> > My mail.* files are 640 and I don't remember having done anything
> > special for that to happen.
> 
> Judging from an IRC conversation, I should note that I just did
> a fresh install into VMware from the 2004-11-27 netinst ISO. The log
> files are:

I am just stepping through this and notice that the sysklogd postinst
does:

  for LOG in `syslogd-listfiles` `syslogd-listfiles --auth`; do
    if [ ! -f $LOG ]; then
        touch $LOG
    fi
    chown root:adm $LOG
    chmod 640 $LOG
  done

However, this will only be syslog and auth.log (the others are --weekly).

As soon as sysklogd starts, it touches all files into place, but
with a 0022 umask and thus mode 0644. Right after the installation,
the following log files are present:

-rw-r--r--  1 root        root   2095 2004-12-13 20:22 aptitude
-rw-r-----  1 root        adm    1464 2004-12-13 20:23 auth.log
-rw-r--r--  1 root        root 136465 2004-12-13 20:23 base-config.log
-rw-r--r--  1 root        root  10283 2004-12-13 20:23 base-config.timings
-rw-rw-r--  1 root        utmp      0 2004-12-13 15:08 btmp
-rw-r--r--  1 root        root    288 2004-12-13 20:23 daemon.log
drwxr-xr-x  3 root        root   4096 2004-12-13 15:09 debian-installer
-rw-r--r--  1 root        root   5276 2004-12-13 20:22 debug
-rw-r--r--  1 root        root  12360 2004-12-13 15:14 dmesg
drwxr-s---  2 Debian-exim adm    4096 2004-12-13 15:19 exim4
-rw-r--r--  1 root        root  22765 2004-12-13 20:22 kern.log
drwxr-xr-x  2 root        root   4096 2004-12-13 15:08 ksymoops
-rw-rw-r--  1 root        utmp 292292 2004-12-13 20:23 lastlog
-rw-r--r--  1 root        root      0 2004-12-13 20:22 lp-acct
-rw-r--r--  1 root        root      0 2004-12-13 20:22 lp-errs
-rw-r--r--  1 root        root     47 2004-12-13 20:22 lpr.log
-rw-r--r--  1 root        root      0 2004-12-13 15:18 mail.err
-rw-r--r--  1 root        root      0 2004-12-13 15:18 mail.info
-rw-r--r--  1 root        root      0 2004-12-13 15:18 mail.log
-rw-r--r--  1 root        root      0 2004-12-13 15:18 mail.warn
-rw-r--r--  1 root        root  17211 2004-12-13 20:22 messages
drwxr-sr-x  2 news        news   4096 2004-12-13 15:18 news
-rw-r-----  1 root        adm   23476 2004-12-13 20:23 syslog
-rw-r--r--  1 root        root     90 2004-12-13 15:19 user.log
-rw-r--r--  1 root        root      0 2004-12-13 15:18 uucp.log
-rw-rw-r--  1 root        utmp   9216 2004-12-13 20:23 wtmp

I see three solutions here.

The first is to make the sysklog postinst touch all files into
place, not just syslog and auth.log (probably what was intended).

The second would be to run sysklogd with a 0027 umask and make
/var/log setgid adm. I am not sure this is a solution at all, but
maybe worth consideration?

The third solution is to make /var/log 2750 with group adm. This
would lock out all non-adm users. I like this myself a lot,
actually. Why do users need access to log files?

I am going to file a bug about this now.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
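
The behaviour described in this message, as an added example that is not part of the original post or of the sysklogd package: it shows the mode a file gets when it is created under umask 022 versus 027, and audits a log directory for files that "other" can read. The function names are hypothetical, and `stat -c` and `find -maxdepth` are assumed to be available, as they are on Debian.

```shell
#!/bin/sh
# Added example, not code from the sysklogd package.
# Assumes stat -c and find -maxdepth (GNU or busybox).

# Print the mode a newly created file gets under the given umask. The
# shell redirection asks for 0666 and the kernel clears the umask bits,
# the same way a daemon that creates its own log files is affected.
mode_created_with() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    : > "$d/new.log"
    stat -c %a "$d/new.log"
    rm -rf "$d"
)

# List regular files directly inside DIR that "other" can read, as
# "MODE OWNER:GROUP PATH", sorted by path. Subdirectories such as
# exim4/ or news/ are not descended into.
world_readable_logs() {
    find "$1" -maxdepth 1 -type f -perm -004 \
        -exec stat -c '%a %U:%G %n' {} + | sort -k3
}

# Stand-alone run: show the umask effect, then audit the directory
# given as the first argument (default /var/log).
echo "umask 022 -> $(mode_created_with 022)"
echo "umask 027 -> $(mode_created_with 027)"
world_readable_logs "${1:-/var/log}"
```

On the listing above this audit would also report wtmp, btmp and lastlog, which are mode 664 with group utmp and are not created by the postinst loop.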
